[kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture

Itaru Kitayama itaru.kitayama at linux.dev
Wed Apr 10 09:17:28 PDT 2024


Hi Suzuki,

On Fri, Apr 12, 2024 at 11:33:35AM +0100, Suzuki K Poulose wrote:
> This series adds support for running the kvm-unit-tests in the Arm CCA reference
> software architecture.
> 
> 
> The changes involve enlightening the boot/setup code with the Realm Service Interface
> (RSI). The series also includes new test cases that exercise the RSI calls.
> 
> Currently we only support "kvmtool" as the VMM for running Realms. There was
> an attempt to add support for running the test scripts using with kvmtool here [1],
> which hasn't progressed. It would be good to have that resolved, so that we can
> run all the tests without manually specifying the commandlines for each run.
> 
> For the purposes of running the Realm specific tests, we have added a "temporary"
> script "run-realm-tests" until the kvmtool support is added. We do not expect
> this to be merged.
> 
> 
> Base Realm Support
> -------------------
> 
> Realm IPA Space
> ---------------
> When running on in Realm world, the (Guest) Physical Address - aka Intermediate
> Physical Address (IPA) in Arm terminology - space of the VM is split into two halves,
> protected (lower half) and un-protected (upper half). A protected IPA will
> always map pages in the "realm world" and  the contents are not accessible to
> the host. An unprotected IPA on the other hand can be mapped to page in the
> "normal world" and thus shared with the host. All host emulated MMIO ranges must
> be in unprotected IPA space.
> 
> Realm can query the Realm Management Monitor for the configuration via RSI call
> (RSI_REALM_CONFIG) and identify the "boundary" of the "IPA" split.
> 
> As far as the hyp/VMM is concerned, there is only one "IPA space" (the lower
> half) of memory map. The "upper half" is "unprotected alias" of the memory map.
> 
> In the guest, this is achieved by "treating the MSB (1 << (IPA_WIDTH - 1))" as
> a protection attribute (we call it - PTE_NS_SHARED), where the Realm applies this
> to any address, it thinks is acccessed/managed by host (e.g., MMIO, shared pages).
> Given that this is runtime variable (but fixed for a given Realm), uses a
> variable to track the value.
> 
> All I/O regions are marked as "shared". Care is taken to ensure I/O access (uart)
> with MMU off uses the "Unprotected Physical address".
> 
> 
> Realm IPA State
> ---------------
> Additionally, each page (4K) in the protected IPA space has a state associated
> (Realm IPA State - RIPAS) with it. It is either of :
>    RIPAS_EMPTY
>    RIPAS_RAM
> 
> Any IPA backed by RAM, must be marked as RIPAS_RAM before an access is made to
> it. The hypervisor/VMM does this for the initial image loaded into the Realm
> memory before the Realm starts execution. Given the kvm-unit-test flat files do
> not contain a metadata header (e.g., like the arm64 Linux kernel Image),
> indicating the "actual image size in memory", the VMM cannot transition the
> area towards the end of the image (e.g., bss, stack) which are accessed very
> early during boot. Thus the early boot assembly code will mark the area upto
> the stack as RAM.
> 
> Once we land in the C code, we mark target relocation area for FDT and
> initrd as RIPAS_RAM. At this point, we can scan the FDT and mark all RAM memory
> blocks as RIPAS_RAM.
> 
> TODO: It would be good to add an image header to the flat files indicating the
> size, which can take the burden off doing the early assembly boot code RSI calls.
> 
> Shared Memory support
> ---------------------
> Given the "default" memory of a VM is not accessible to host, we add new page
> alloc/free routines for "memory shared" with the host. e.g., GICv3-ITS must use
> shared pages for ITS emulation.
> 
> RSI Test suites
> --------------
> There are new testcases added to exercise the RSI interfaces and the RMM flows.
> 
> Attestation and measurement services related RSI tests require parsing tokens
> and claims returned by the RMM. This is achieved with the help of QCBOR library
> [2], which is added as a submodule to the project. We have also added a wrapper
> library - libtokenverifier - around the QCBOR to parse the tokens according to
> the RMM specifications.
> 
> Running Arm CCA Stack
> -------------------
> 
> See more details on Arm CCA and how to build/run the entire stack here[0]
> The easiest way to run the Arm CCA stack is using shrinkwrap and the details
> are available in [0].
> 
> 
> The patches are also available here :
> 
>  https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/v1
> 
> 
> Changes since rfc:
>   [ https://lkml.kernel.org/r/20230127114108.10025-1-joey.gouly@arm.com ]
>   - Add support for RMM-v1.0-EAC5, changes to RSI ABIs
>   - Some hardening checks (FDT overlapping the BSS sections)
>   - Selftest for memory stress
>   - Enable PMU/SVE tests for Realms
> 
>  [0] https://lkml.kernel.org/r/20240412084056.1733704-1-steven.price@arm.com
>  [1] https://lkml.kernel.org/r/20210702163122.96110-1-alexandru.elisei@arm.com
>  [2] https://github.com/laurencelundblade/QCBOR
> 
> Alexandru Elisei (3):
>   arm64: Expand SMCCC arguments and return values
>   arm: selftest: realm: skip pabt test when running in a realm
>   NOT-FOR-MERGING: add run-realm-tests
> 
> Djordje Kovacevic (1):
>   arm: realm: Add tests for in realm SEA
> 
> Gareth Stockwell (1):
>   arm: realm: add hvc and RSI_HOST_CALL tests
> 
> Jean-Philippe Brucker (1):
>   arm: Move io_init after vm initialization
> 
> Joey Gouly (10):
>   arm: Make physical address mask dynamic
>   arm64: Introduce NS_SHARED PTE attribute
>   arm: realm: Add RSI interface header
>   arm: realm: Make uart available before MMU is enabled
>   arm: realm: Add RSI version test
>   arm64: add ESR_ELx EC.SVE
>   arm64: enable SVE at startup
>   arm64: selftest: add realm SVE VL test
>   lib/alloc_page: Add shared page allocation support
>   arm: Add memtest support
> 
> Mate Toth-Pal (2):
>   arm: Add a library to verify tokens using the QCBOR library
>   arm: realm: Add Realm attestation tests
> 
> Subhasish Ghosh (1):
>   arm: realm: Add test for FPU/SIMD context save/restore
> 
> Suzuki K Poulose (14):
>   arm: Add necessary header files in asm/pgtable.h
>   arm: Detect FDT overlap with uninitialised data
>   arm: realm: Realm initialisation
>   arm: realm: Add support for changing the state of memory
>   arm: realm: Set RIPAS state for RAM
>   arm: realm: Early memory setup
>   arm: gic-v3-its: Use shared pages wherever needed
>   arm: realm: Enable memory encryption
>   qcbor: Add QCBOR as a submodule
>   arm: Add build steps for QCBOR library
>   arm: realm: add RSI interface for attestation measurements
>   arm: realm: Add helpers to decode RSI return codes
>   arm: realm: Add Realm attestation tests
>   arm: realm: Add a test for shared memory
> 
>  .gitmodules                         |    3 +
>  arm/Makefile.arm64                  |   25 +-
>  arm/cstart.S                        |   49 +-
>  arm/cstart64.S                      |  154 +++-
>  arm/fpu.c                           |  424 +++++++++
>  arm/realm-attest.c                  | 1251 +++++++++++++++++++++++++++
>  arm/realm-ns-memory.c               |   86 ++
>  arm/realm-rsi.c                     |  159 ++++
>  arm/realm-sea.c                     |  143 +++
>  arm/run-realm-tests                 |  112 +++
>  arm/selftest.c                      |  138 ++-
>  arm/unittests.cfg                   |   96 +-
>  lib/alloc_page.c                    |   20 +-
>  lib/alloc_page.h                    |   24 +
>  lib/arm/asm/arm-smccc.h             |   44 +
>  lib/arm/asm/io.h                    |    6 +
>  lib/arm/asm/pgtable.h               |    9 +
>  lib/arm/asm/psci.h                  |   13 +-
>  lib/arm/asm/rsi.h                   |   21 +
>  lib/arm/asm/sve-vl-test.h           |    9 +
>  lib/arm/gic-v3.c                    |    6 +-
>  lib/arm/io.c                        |   24 +-
>  lib/arm/mmu.c                       |   80 +-
>  lib/arm/psci.c                      |   19 +-
>  lib/arm/setup.c                     |   26 +-
>  lib/arm64/asm/arm-smccc.h           |    6 +
>  lib/arm64/asm/esr.h                 |    1 +
>  lib/arm64/asm/io.h                  |    6 +
>  lib/arm64/asm/pgtable-hwdef.h       |    6 -
>  lib/arm64/asm/pgtable.h             |   20 +
>  lib/arm64/asm/processor.h           |   34 +
>  lib/arm64/asm/rsi.h                 |   89 ++
>  lib/arm64/asm/smc-rsi.h             |  173 ++++
>  lib/arm64/asm/sve-vl-test.h         |   28 +
>  lib/arm64/asm/sysreg.h              |    7 +
>  lib/arm64/gic-v3-its.c              |    6 +-
>  lib/arm64/processor.c               |    1 +
>  lib/arm64/rsi.c                     |  188 ++++
>  lib/asm-generic/io.h                |   12 +
>  lib/libcflat.h                      |    1 +
>  lib/qcbor                           |    1 +
>  lib/token_verifier/attest_defines.h |   50 ++
>  lib/token_verifier/token_dumper.c   |  157 ++++
>  lib/token_verifier/token_dumper.h   |   15 +
>  lib/token_verifier/token_verifier.c |  591 +++++++++++++
>  lib/token_verifier/token_verifier.h |   77 ++
>  46 files changed, 4355 insertions(+), 55 deletions(-)
>  create mode 100644 .gitmodules
>  create mode 100644 arm/fpu.c
>  create mode 100644 arm/realm-attest.c
>  create mode 100644 arm/realm-ns-memory.c
>  create mode 100644 arm/realm-rsi.c
>  create mode 100644 arm/realm-sea.c
>  create mode 100755 arm/run-realm-tests
>  create mode 100644 lib/arm/asm/arm-smccc.h
>  create mode 100644 lib/arm/asm/rsi.h
>  create mode 100644 lib/arm/asm/sve-vl-test.h
>  create mode 100644 lib/arm64/asm/arm-smccc.h
>  create mode 100644 lib/arm64/asm/rsi.h
>  create mode 100644 lib/arm64/asm/smc-rsi.h
>  create mode 100644 lib/arm64/asm/sve-vl-test.h
>  create mode 100644 lib/arm64/rsi.c
>  create mode 160000 lib/qcbor
>  create mode 100644 lib/token_verifier/attest_defines.h
>  create mode 100644 lib/token_verifier/token_dumper.c
>  create mode 100644 lib/token_verifier/token_dumper.h
>  create mode 100644 lib/token_verifier/token_verifier.c
>  create mode 100644 lib/token_verifier/token_verifier.h

Thanks for the update! I'll go through the series one by one in the
coming weeks. Just curious one thing - do you guys wish to add Realm tests to the kvm-unit-test package, but not to kselftests?

Thanks,
Itaru.

> 
> -- 
> 2.34.1
> 



More information about the linux-arm-kernel mailing list