Validate TD attributes against tdx_caps: fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that are not supported by
QEMU yet, e.g., the debug bit; it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li
TDX cannot support pflash device since it doesn't support read-only
memslot and doesn't support emulation. Load TDVF(OVMF) with -bios option
for TDs.
When booting a TD, besides loading TDVF to the address below 4G, it needs
to parse the TDVF metadata.
Signed-off-by: Xiaoyao Li
---
hw/i386/pc_sysfw.c
Before a TD can run, it needs to
- setup/configure TD HOB list;
- initialize TDVF into TD's private memory;
- initialize TD vcpu state;
Register a machine_init_done callback to do all of that.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 12
1 file changed, 12
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 18
ote, this doesn't address the fact that QEMU may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring QEMU to
provide a stable CPUID config prior to kvm_arch_init().
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 9 -
target/i386/kvm/kvm.c |
TDX guest cannot go to real mode, so just skip the setup of isa-bios.
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 24 +---
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index fdf6af2f6add..17f2252296c5 100644
--- a/hw/i386
that is the offset of TDX metadata to the end
of firmware file.
Select X86_FW_OVMF when TDX is enabled to leverage existing functions
to parse and search OVMF's GUID-ed structures.
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- rename
Introduce kvm_arch_pre_create_vcpu() to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 12
include/sysemu/kvm.h | 1 +
2 files changed, 13
needs to be capped by tdx_caps, because
KVM uses them to set up the XFAM of the TD.
Introduce tdx_get_supported_cpuid() to adjust the
kvm_arch_get_supported_cpuid() for TDX VM.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 5 +
target/i386/kvm/kvm.c | 4
target/i386/kvm/tdx.c | 44
Reuse "-cpu,tsc-frequency=" to get the user-wanted tsc frequency and pass it
to KVM_TDX_INIT_VM.
Besides, sanity check that the tsc frequency is in the legal range and
of legal granularity (required by the TDX module).
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 8
target/i386
TDX only supports readonly for shared memory but not for private memory.
From QEMU's point of view, it has no idea whether a memslot is used as shared
memory or private. Thus just mark kvm_readonly_mem_enabled as false for
TDX VMs for simplicity.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 9
Introduce tdx_kvm_init() and invoke it in kvm_confidential_guest_init()
if it's a TDX VM. More initialization will be added later.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 15 ++-
target/i386/kvm/meson.build | 2 +-
target/i386/kvm/tdx-stub.c | 9
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/target/i386/
M and VCPU) in preparation.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 85 +++
1 file changed, 85 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 77e33ae01147..68bedbad0ebe 100644
--- a/target/i386/kvm/tdx.c
+++ b/t
dx0,...
it parses VM type as KVM_X86_TDX_VM. Otherwise, it's KVM_X86_DEFAULT_VM.
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 6 ++
target/i386/kvm/kvm.c | 30 ++
target/i386/kvm/kvm_i386.h | 1 +
3 files changed, 37 insertions(+)
diff --git a
From: Sean Christopherson
Move the architectural (for lack of a better term) CPUID leaf generation
to a separate helper so that the generation code can be reused by TDX,
which needs to generate a canonical VM-scoped configuration.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
For TDX, the addresses below 1MB are entirely general RAM. No need to
initialize the pc.rom memory region for TDs.
Signed-off-by: Xiaoyao Li
---
hw/i386/pc.c | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5ef20e2071a7
Introduce a separate function kvm_confidential_guest_init() for SEV (and
future TDX).
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 11 ++-
target/i386/sev.c | 1 -
target/i386/sev.h | 2 ++
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/target/i386
Pull in recent TDX updates, which are not backwards compatible.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once TDX support is upstreamed in linux kernel.
Signed-off-by: Xiaoyao Li
Co-developed-by: Sean Christopherson
Signed
generation to separate helper
i386/tdx: Don't get/put guest state for TDX VMs
Xiaoyao Li (30):
*** HACK *** linux-headers: Update headers to pull in TDX API changes
i386: Introduce tdx-guest object
target/i386: Implement mc->kvm_type() to get VM type
target/i386: Introd
It will need special handling for TDX VMs all around QEMU.
Introduce the is_tdx_vm() helper to query if it's a TDX VM.
Cache the tdx_guest object so there is no need to cast from ms->cgs every time.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13 +
target/i386/kvm/tdx.h |
and not
configurable so far.
Signed-off-by: Xiaoyao Li
---
configs/devices/i386-softmmu/default.mak | 1 +
hw/i386/Kconfig | 5 +++
qapi/qom.json| 14 +
target/i386/kvm/meson.build | 2 ++
target/i386/kvm/tdx.c| 40
On 3/10/2022 9:07 PM, Michael S. Tsirkin wrote:
On Thu, Mar 10, 2022 at 08:28:09PM +0800, Xiaoyao Li wrote:
For PIT, it's straightforward to merge microvm::pit and
pc_machine::pit_enabled into x86ms::pit
For PIC, move microvm::pic to x86ms:pic, which gives PC machine the
ability to dis-/en
On 3/10/2022 8:22 PM, Xiaoyao Li wrote:
The upper 16 bits of kvm_userspace_memory_region::slot are
address space id. Parse it separately in trace_kvm_set_user_memory().
Hi QEMU maintainers,
I think this patch is simple and straightforward. Please take your time
to look at it.
Thanks
On 4/1/2022 6:36 PM, Philippe Mathieu-Daudé wrote:
On 1/4/22 07:28, Xiaoyao Li wrote:
On 4/1/2022 1:08 PM, Gerd Hoffmann wrote:
if (sev_enabled()) {
^^^
Can we remove the SEV check ...
+ pc_system_parse_ovmf_flash(ptr, size
On 4/1/2022 1:08 PM, Gerd Hoffmann wrote:
if (sev_enabled()) {
^^^
Can we remove the SEV check ...
+pc_system_parse_ovmf_flash(ptr, size);
+
+if (sev_enabled()) {
... because we are still checking SEV here.
Well, the two checks have
On 3/31/2022 5:00 PM, Daniel P. Berrangé wrote:
On Thu, Mar 31, 2022 at 04:51:27PM +0800, Xiaoyao Li wrote:
On 3/22/2022 5:27 PM, Daniel P. Berrangé wrote:
...
IMHO the AmdSev build for OVMF gets this right by entirely disabling
the split OVMF_CODE.fd vs OVMF_VARS.fd, and just having a single
On 3/22/2022 5:27 PM, Daniel P. Berrangé wrote:
...
IMHO the AmdSev build for OVMF gets this right by entirely disabling
the split OVMF_CODE.fd vs OVMF_VARS.fd, and just having a single
OVMF.fd file that is exposed read-only to the guest.
This is further represented in
On 3/24/2022 4:35 PM, Gerd Hoffmann wrote:
On Tue, Mar 22, 2022 at 01:20:24PM +0100, Gerd Hoffmann wrote:
Hi,
At the time I did try a gross hack that (IIRC) disabled the
rom_reset logic, and munged x86_bios_rom_init so that it would
force load it straight at the RAM location.
Sounds
On 3/24/2022 5:37 PM, Gerd Hoffmann wrote:
Hi,
#VE can be triggered in various situations. e.g., CPUID on some leaves, and
RD/WRMSR on some MSRs. #VE on pending page is just one of the sources, Linux
just wants to disable this kind of #VE since it wants to prevent unexpected
#VE during
On 3/24/2022 3:58 PM, Gerd Hoffmann wrote:
Hi,
Well, if persistent vars are not supported anyway there is little reason
to split the firmware into CODE and VARS files. You can just use
OVMF.fd with a single pflash device. libvirt recently got support for
that.
Agreed.
The purpose
On 3/24/2022 3:57 PM, Gerd Hoffmann wrote:
On Thu, Mar 24, 2022 at 02:52:10PM +0800, Xiaoyao Li wrote:
On 3/22/2022 5:02 PM, Gerd Hoffmann wrote:
On Thu, Mar 17, 2022 at 09:58:49PM +0800, Xiaoyao Li wrote:
Add sept-ve-disable property for tdx-guest object. It's used to
configure bit 28 of TD
On 3/22/2022 5:02 PM, Gerd Hoffmann wrote:
On Thu, Mar 17, 2022 at 09:58:49PM +0800, Xiaoyao Li wrote:
Add sept-ve-disable property for tdx-guest object. It's used to
configure bit 28 of TD attributes.
What is this?
It seems this bit doesn't show up in the public spec yet.
Bit 28
On 3/22/2022 5:29 PM, Daniel P. Berrangé wrote:
On Tue, Mar 22, 2022 at 10:21:41AM +0100, Gerd Hoffmann wrote:
Hi,
If you don't need a pflash device, don't use it: simply map your nvram
region as ram in your machine. No need to clutter the pflash model like
that.
Using the pflash device
On 3/18/2022 10:07 PM, Philippe Mathieu-Daudé wrote:
Hi,
On 17/3/22 14:58, Xiaoyao Li wrote:
TDX VM needs to boot with Trust Domain Virtual Firmware (TDVF). Unlike
OVMF, which is mapped as a rom device, TDVF needs to be mapped as private
memory. This is because TDX architecture doesn't provide
On 3/19/2022 1:11 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:53PM +0800,
Xiaoyao Li wrote:
TDX only supports readonly for shared memory but not for private memory.
From QEMU's point of view, it has no idea whether a memslot is used by shared
memory or private. Thus just mark
On 3/19/2022 12:56 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:46PM +0800,
Xiaoyao Li wrote:
Introduce kvm_arch_pre_create_vcpu() to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off
On 3/17/2022 9:59 PM, Xiaoyao Li wrote:
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13
On 3/18/2022 10:08 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:43PM +0800,
Xiaoyao Li wrote:
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index e3b94373b316..bed337e5ba18 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -14,10 +14,77 @@
#include
On 3/19/2022 1:19 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:55PM +0800,
Xiaoyao Li wrote:
diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c
new file mode 100644
index ..02da1d2c12dd
--- /dev/null
+++ b/hw/i386/tdvf.c
@@ -0,0 +1,196 @@
+/*
+ * SPDX-License-Identifier: GPL
On 3/19/2022 1:31 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:59:10PM +0800,
Xiaoyao Li wrote:
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs
On 3/19/2022 12:55 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:45PM +0800,
Xiaoyao Li wrote:
...
+void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg,
+ uint32_t *ret)
+{
+switch (function) {
+case 1:
+if (reg
On 3/18/2022 10:07 AM, Isaku Yamahata wrote:
On Thu, Mar 17, 2022 at 09:58:42PM +0800,
Xiaoyao Li wrote:
Introduce tdx_kvm_init() and invoke it in kvm_confidential_guest_init()
if it's a TDX VM. More initialization will be added later.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
forcibly report edge trigger in acpi tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi-common.c | 50
TDX CPU state is protected and thus vcpu state can't be reset by VMM.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 4a8b6e2c8797..ccbafb4ca183 100644
--- a/target/i386
and error out if user wants PIC.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index ec6f5d7a2e48..6e9cb7178d25 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -321,6 +321,13
Christopherson
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 9c7eb3dea0a8..dafb63d4d2d7 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4395,6 +4395,11 @@ int
QEMU needs to later copy the context of TDVF firmware to guest private
memory. So get the mem_ptr of CODE.fd and VARS.fd and store them in
tdx_guest object.
Signed-off-by: Xiaoyao Li
---
hw/i386/pc_sysfw.c | 20
include/hw/i386/tdvf.h | 4
target/i386/kvm
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
diff
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386
) are provided, metadata is
located in CODE.fd, which means pflash[0].
So parse TDVF on pflash[0].
Signed-off-by: Xiaoyao Li
---
hw/i386/pc_sysfw.c | 21 ++---
target/i386/kvm/tdx-stub.c | 5 +
target/i386/kvm/tdx.c | 4
target/i386/kvm/tdx.h | 4
4
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access to
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() a noop for TDs.
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
---
target/i386/kvm
the firmware as RAM.
Note, this implies two things:
1. TDVF (OVMF) is not read-only (write-protected).
2. It doesn't support non-volatile UEFI variables the way pflash does,
so changes to non-volatile UEFI variables won't get synced back to the
backend vars.fd file.
Signed-off-by: Xiaoyao Li
.
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 1 +
include/hw/i386/x86.h | 1 +
target/i386/kvm/tdx.c | 2 ++
3 files changed, 4 insertions(+)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 10a88faf4c0e..03101f1ba1dc 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1347,6 +1347,7
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 18 ++
1 file changed, 18
-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
---
hw/i386/meson.build | 2 +-
hw/i386/tdvf-hob.c| 212 ++
hw/i386/tdvf-hob.h| 25 +
hw/i386/uefi.h| 198
KVM doesn't allow writing to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 480c05d6c969..9c7eb3dea0a8 100644
--- a/target/i386/kvm/kvm.c
+++ b/target
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/target/i386/kvm/td
, specifically
starting from 0x80 (8M)
Signed-off-by: Xiaoyao Li
---
include/hw/i386/tdvf.h | 5 +
target/i386/kvm/tdx.c | 42 ++
2 files changed, 47 insertions(+)
diff --git a/include/hw/i386/tdvf.h b/include/hw/i386/tdvf.h
index 773bd39a3bff
these
ranges will be ADD'ed before the TD runs and don't need to be accepted at runtime.
The TdxRamEntries[] are later used to setup the memory TD resource HOB
that passes memory info from QEMU to TDVF.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 99
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
docs/system/confidential-guest-support.rst | 1 +
docs/system/i386/tdx.rst | 103 +
docs/system/target-i386.rst| 1
M and VCPU) in preparation.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 71 +++
1 file changed, 71 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index e3b94373b316..bed337e5ba18 100644
--- a/target/i386/kvm/tdx.c
+++ b/targe
KVM while TDX
wants to reuse the pflash interface to load TDVF (as OVMF). Excuse TDX VMs
from the readonly check in pflash.
Signed-off-by: Xiaoyao Li
---
hw/i386/pc_sysfw.c| 2 +-
target/i386/kvm/tdx.c | 9 +
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/hw/i386/pc_sysfw.c b/hw
that is the offset of TDX metadata to the end
of firmware file.
Select X86_FW_OVMF when TDX is enabled to leverage existing functions
to parse and search OVMF's GUID-ed structures.
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
hw/i386/Kconfig| 1 +
hw
Validate TD attributes against tdx_caps: fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that are not supported by
QEMU yet, e.g., the debug bit; it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao
ote, this doesn't address the fact that QEMU may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring QEMU to
provide a stable CPUID config prior to kvm_arch_init().
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 9 ++-
target/i386/kvm/kvm.c |
Add sept-ve-disable property for tdx-guest object. It's used to
configure bit 28 of TD attributes.
Signed-off-by: Xiaoyao Li
---
qapi/qom.json | 5 -
target/i386/kvm/tdx.c | 24
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/qapi/qom.json b
guest tsc for TDs
Sean Christopherson (2):
i386/kvm: Move architectural CPUID leaf generation to separate helper
i386/tdx: Don't get/put guest state for TDX VMs
Xiaoyao Li (30):
*** HACK *** linux-headers: Update headers to pull in TDX API changes
i386: Introduce tdx-guest object
target
It will need special handling for TDX VMs all around QEMU.
Introduce the is_tdx_vm() helper to query if it's a TDX VM.
Cache the tdx_guest object so there is no need to cast from ms->cgs every time.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 10 ++
target/i386/kvm/tdx.h |
Introduce kvm_arch_pre_create_vcpu() to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 7 +++
include/sysemu/kvm.h | 1 +
target/arm/kvm64.c
needs to be capped by tdx_caps, because
KVM uses them to set up the XFAM of the TD.
Introduce tdx_get_supported_cpuid() to adjust the
kvm_arch_get_supported_cpuid() for TDX VM.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 5 +
target/i386/kvm/kvm.c | 4
target/i386/kvm/tdx.c | 39
to 2048c4eba2b4 ("Merge remote-tracking branch
'remotes/philmd/tags/pmbus-20220308' into staging")
Xiaoyao Li (2):
hw/i386: Make pit a property of common x86 base machine type
hw/i386: Make pic a property of common x86 base machine type
hw/i386/microvm.c
The upper 16 bits of kvm_userspace_memory_region::slot are
address space id. Parse it separately in trace_kvm_set_user_memory().
Signed-off-by: Xiaoyao Li
---
Resend:
- rebase to 2048c4eba2b4 ("Merge remote-tracking branch
'remotes/philmd/tags/pmbus-20220308' into staging")
---
acc
x86 machine type. Hence all x86
machines, including microvm, can disable it.
Signed-off-by: Xiaoyao Li
Reviewed-by: Sergio Lopez
---
hw/i386/microvm.c | 27 +--
hw/i386/pc_piix.c | 4 +++-
hw/i386/pc_q35.c | 4 +++-
hw/i386/x86.c | 25
Both pc and microvm have pit property individually. Let's just make it
the property of common x86 base machine type.
Signed-off-by: Xiaoyao Li
Reviewed-by: Sergio Lopez
---
hw/i386/microvm.c | 27 +--
hw/i386/pc.c | 24 +++-
hw
ping.
On 1/11/2022 3:35 PM, Xiaoyao Li wrote:
For PIT, it's straightforward to merge microvm::pit and
pc_machine::pit_enabled into x86ms::pit
For PIC, move microvm::pic to x86ms:pic, which gives PC machine the
ability to dis-/en-able PIC and it's the preparation for future TDX
support
kindly ping.
On 1/4/2022 10:35 AM, Xiaoyao Li wrote:
The upper 16 bits of kvm_userspace_memory_region::slot are
address space id. Parse it separately in trace_kvm_set_user_memory().
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 5 +++--
accel/kvm/trace-events | 2 +-
2 files
On 1/25/2022 3:42 PM, Gerd Hoffmann wrote:
Regarding what interface should be used to load TDVF, there are three
options:
1) pflash: the same as how we load OVMF.
Suppose TDVF support will finally get into OVMF, using this
interface, it's fully compatible with normal VMs. No change
On 1/10/2022 7:01 PM, Gerd Hoffmann wrote:
Regarding pflash itself, the read-only KVM memslot is required for it.
Otherwise pflash cannot work as a "ROMD device" (= you can't flip it
back and forth between ROM mode and programming (MMIO) mode).
We don't need Read-only mode for TDVF so far. If
+ Paolo
On 1/11/2022 3:35 PM, Xiaoyao Li wrote:
Both pc and microvm have pit property individually. Let's just make it
the property of common x86 base machine type.
Signed-off-by: Xiaoyao Li
---
hw/i386/microvm.c | 27 +--
hw/i386/pc.c | 24
+ Paolo
On 1/11/2022 3:35 PM, Xiaoyao Li wrote:
Legacy PIC (8259) cannot be supported for TDX guests since the TDX module
doesn't allow direct interrupt injection. Using posted interrupts
for the PIC is not a viable option as the guest BIOS/kernel will not
do EOI for PIC IRQs, i.e. will leave
x86 machine type. Hence all x86
machines, including microvm, can disable it.
Signed-off-by: Xiaoyao Li
---
hw/i386/microvm.c | 27 +--
hw/i386/pc_piix.c | 4 +++-
hw/i386/pc_q35.c | 4 +++-
hw/i386/x86.c | 25
For PIT, it's straightforward to merge microvm::pit and
pc_machine::pit_enabled into x86ms::pit
For PIC, move microvm::pic to x86ms:pic, which gives PC machine the
ability to dis-/en-able PIC and it's the preparation for future TDX
support.
Xiaoyao Li (2):
hw/i386: Make pit a property
Both pc and microvm have pit property individually. Let's just make it
the property of common x86 base machine type.
Signed-off-by: Xiaoyao Li
---
hw/i386/microvm.c | 27 +--
hw/i386/pc.c | 24 +++-
hw/i386/x86.c | 25
On 1/10/2022 7:01 PM, Gerd Hoffmann wrote:
If you go without pflash, then you likely will not have a
standards-conformant UEFI variable store. (Unless you reimplement the
variable arch protocols in edk2 on top of something else than the Fault
Tolerant Write and Firmware Volume Block protocols.)
On 1/10/2022 7:18 PM, Daniel P. Berrangé wrote:
On Wed, Nov 24, 2021 at 03:31:13PM +0800, Xiaoyao Li wrote:
On 8/26/2021 6:22 PM, Gerd Hoffmann wrote:
On Wed, Jul 07, 2021 at 05:54:36PM -0700, isaku.yamah...@gmail.com wrote:
From: Xiaoyao Li
Introduce a machine property, kvm-type, to allow
On 1/7/2022 12:06 AM, Laszlo Ersek wrote:
On 01/04/22 14:08, Xiaoyao Li wrote:
+ Laszlo,
Regarding loading TDVF as pflash, I have some questions:
- pflash requires KVM to support readonly memory. However, for TDX, it
doesn't support readonly memory. Is it a must? or we can make an
exception
On 8/26/2021 7:18 PM, Gerd Hoffmann wrote:
+int load_tdvf(const char *filename)
+{
+for_each_fw_entry(fw, entry) {
+if (entry->address < x86ms->below_4g_mem_size ||
+entry->address > 4 * GiB) {
+tdvf_init_ram_memory(ms, entry);
+} else {
+
Remove qemu_run_machine_init_done_notifiers() since it has no implementation
and no user.
Signed-off-by: Xiaoyao Li
---
include/sysemu/sysemu.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 8fae667172ac..b9421e03ffdd 100644
--- a/include/sysemu