From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: peter.maydell@linaro.org
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, pbonzini@redhat.com,
	eblake@redhat.com, armbru@redhat.com, berrange@redhat.com,
	eduardo@habkost.net, alex.bennee@linaro.org,
	richard.henderson@linaro.org,
	Jean-Philippe Brucker <jean-philippe@linaro.org>
Subject: [RFC PATCH 02/16] target/arm: Add confidential guest support
Date: Fri, 27 Jan 2023 15:07:15 +0000	[thread overview]
Message-ID: <20230127150727.612594-3-jean-philippe@linaro.org> (raw)
In-Reply-To: <20230127150727.612594-1-jean-philippe@linaro.org>

Add a new RmeGuest object, inheriting from ConfidentialGuestSupport, to
support the Arm Realm Management Extension (RME). It is instantiated by
passing on the command-line:

  -M virt,confidential-guest-support=<id>
  -object guest-rme,id=<id>[,options...]

This is only the skeleton. Support will be added in following patches.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
 docs/system/confidential-guest-support.rst |  1 +
 qapi/qom.json                              |  3 +-
 target/arm/kvm-rme.c                       | 48 ++++++++++++++++++++++
 target/arm/meson.build                     |  7 +++-
 4 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 target/arm/kvm-rme.c

diff --git a/docs/system/confidential-guest-support.rst b/docs/system/confidential-guest-support.rst
index 0c490dbda2..acf46d8856 100644
--- a/docs/system/confidential-guest-support.rst
+++ b/docs/system/confidential-guest-support.rst
@@ -40,5 +40,6 @@ Currently supported confidential guest mechanisms are:
 * AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`)
 * POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`)
 * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`)
+* Arm Realm Management Extension (RME)
 
 Other mechanisms may be supported in future.
diff --git a/qapi/qom.json b/qapi/qom.json
index 30e76653ad..7ca27bb86c 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -917,7 +917,8 @@
     'tls-creds-x509',
     'tls-cipher-suites',
     { 'name': 'x-remote-object', 'features': [ 'unstable' ] },
-    { 'name': 'x-vfio-user-server', 'features': [ 'unstable' ] }
+    { 'name': 'x-vfio-user-server', 'features': [ 'unstable' ] },
+    'rme-guest'
   ] }
 
 ##
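Review bot: The enum value added here is `rme-guest`, but the commit message tells users to pass `-object guest-rme,id=<id>`. One of the two should be corrected so that the documented command line matches the registered type name; the new C file also defines `TYPE_RME_GUEST` as `"rme-guest"`. The entry is also appended after the `x-` prefixed unstable members, so if this list is meant to stay alphabetical (only four neighbours are visible in the hunk) it belongs earlier in the enum.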
diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c
new file mode 100644
index 0000000000..22aa3dc712
--- /dev/null
+++ b/target/arm/kvm-rme.c
@@ -0,0 +1,48 @@
+/*
+ * QEMU Arm RME support
+ *
+ * Copyright Linaro 2022
+ */
+
+#include "qemu/osdep.h"
+
+#include "exec/confidential-guest-support.h"
+#include "hw/boards.h"
+#include "hw/core/cpu.h"
+#include "kvm_arm.h"
+#include "migration/blocker.h"
+#include "qapi/error.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/kvm.h"
+#include "sysemu/runstate.h"
+
+#define TYPE_RME_GUEST "rme-guest"
+OBJECT_DECLARE_SIMPLE_TYPE(RmeGuest, RME_GUEST)
+
+typedef struct RmeGuest RmeGuest;
+
+struct RmeGuest {
+    ConfidentialGuestSupport parent_obj;
+};
+
+static void rme_guest_class_init(ObjectClass *oc, void *data)
+{
+}
+
+static const TypeInfo rme_guest_info = {
+    .parent = TYPE_CONFIDENTIAL_GUEST_SUPPORT,
+    .name = TYPE_RME_GUEST,
+    .instance_size = sizeof(struct RmeGuest),
+    .class_init = rme_guest_class_init,
+    .interfaces = (InterfaceInfo[]) {
+        { TYPE_USER_CREATABLE },
+        { }
+    }
+};
+
+static void rme_register_types(void)
+{
+    type_register_static(&rme_guest_info);
+}
+
+type_init(rme_register_types);
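Review bot: `rme-guest` becomes user-creatable in this commit while `rme_guest_class_init` is empty and nothing in the file marks the confidential-guest object as initialized, so a VM started with `confidential-guest-support=<id>` at this point in the series is not yet a realm. A comment above `rme_guest_info` such as `/* Skeleton only: no realm is created yet; setup is added by later patches. */` would make that explicit. It is also worth confirming that the generic confidential-guest readiness check refuses to start such a VM rather than running it unprotected; that check presumably uses the parent object's `ready` flag, which is not visible here. Separately, `typedef struct RmeGuest RmeGuest;` looks redundant because `OBJECT_DECLARE_SIMPLE_TYPE` already provides that typedef, and the file header carries a copyright line but no license statement.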
diff --git a/target/arm/meson.build b/target/arm/meson.build
index 87e911b27f..a2224c0d23 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -40,7 +40,12 @@ arm_ss.add(files(
 ))
 arm_ss.add(zlib)
 
-arm_ss.add(when: 'CONFIG_KVM', if_true: files('kvm.c', 'kvm64.c'), if_false: files('kvm-stub.c'))
+arm_ss.add(when: 'CONFIG_KVM',
+  if_true: files(
+    'kvm.c',
+    'kvm64.c',
+    'kvm-rme.c'),
+  if_false: files('kvm-stub.c'))
 
 arm_ss.add(when: 'TARGET_AARCH64', if_true: files(
   'cpu64.c',
-- 
2.39.0


