From: Roy Hopkins
Subject: [PATCH v5 04/16] hw/i386: Add igvm-cfg object and processing for IGVM files
Date: Tue, 13 Aug 2024 16:01:06 +0100

An IGVM file contains configuration of guest state that should be
applied during configuration of the guest, before the guest is started.
This patch allows the user to add an igvm-cfg object to an X86 machine
configuration that allows an IGVM file to be configured that will be
applied to the guest before it is started.
If an IGVM configuration is provided then the IGVM file is processed at
the end of the board initialization, before the state transition to
PHASE_MACHINE_INITIALIZED.
Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/i386/pc.c | 12 ++++++++++++
hw/i386/pc_piix.c | 10 ++++++++++
hw/i386/pc_q35.c | 10 ++++++++++
include/hw/i386/x86.h | 3 +++
qemu-options.hx | 25 +++++++++++++++++++++++++
5 files changed, 60 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c74931d577..30bbe05e3e 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1827,6 +1827,18 @@ static void pc_machine_class_init(ObjectClass *oc, void
*data)
object_class_property_add_bool(oc, "fd-bootchk",
pc_machine_get_fd_bootchk,
pc_machine_set_fd_bootchk);
+
+#if defined(CONFIG_IGVM)
+ object_class_property_add_link(oc, "igvm-cfg",
+ TYPE_IGVM_CFG,
+ offsetof(X86MachineState, igvm),
+ object_property_allow_set_link,
+ OBJ_PROP_LINK_STRONG);
+ object_class_property_set_description(oc, "igvm-cfg",
+ "Set IGVM configuration");
+#endif
+
+
}
static const TypeInfo pc_machine_info = {
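Review bot: the two empty added lines after `#endif`, directly before the closing brace of pc_machine_class_init(), are stray whitespace and should be dropped. The description string "Set IGVM configuration" is also terse for user-visible help; it could say that the property links to an igvm-cfg object whose file defines the initial guest state.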
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index d9e69243b4..78367985b4 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -365,6 +365,16 @@ static void pc_init1(MachineState *machine, const char
*pci_type)
x86_nvdimm_acpi_dsmio,
x86ms->fw_cfg, OBJECT(pcms));
}
+
+#if defined(CONFIG_IGVM)
+ /* Apply guest state from IGVM if supplied */
+ if (x86ms->igvm) {
+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
+ g_assert_not_reached();
+ }
+ }
+#endif
}
typedef enum PCSouthBridgeOption {
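Review bot: in the added block at the end of pc_init1(), the `< 0` branch with g_assert_not_reached() can only be hit if process() returns a negative value without setting an error, because a call made with &error_fatal exits as soon as an error is set. If that is the intent, a one-line comment saying so would help; otherwise call process() with &error_fatal and drop the check, or pass a local Error and report the failure explicitly.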
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 9d108b194e..08ef8dc17a 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -329,6 +329,16 @@ static void pc_q35_init(MachineState *machine)
x86_nvdimm_acpi_dsmio,
x86ms->fw_cfg, OBJECT(pcms));
}
+
+#if defined(CONFIG_IGVM)
+ /* Apply guest state from IGVM if supplied */
+ if (x86ms->igvm) {
+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
+ g_assert_not_reached();
+ }
+ }
+#endif
}
#define DEFINE_Q35_MACHINE(major, minor) \
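Review bot: the block added at the end of pc_q35_init() is a line-for-line copy of the one added to pc_init1() in pc_piix.c. Since both only use x86ms->igvm and machine->cgs, consider a small shared helper in the common x86 code that both board init functions call, so that any later change to the error handling or call ordering is made in one place.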
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index d43cb3908e..01ac29acf6 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -25,6 +25,7 @@
#include "hw/intc/ioapic.h"
#include "hw/isa/isa.h"
#include "qom/object.h"
+#include "sysemu/igvm-cfg.h"
struct X86MachineClass {
/*< private >*/
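Review bot: the new `#include "sysemu/igvm-cfg.h"` is unconditional, while every use of IGVM added in pc.c, pc_piix.c and pc_q35.c is wrapped in `#if defined(CONFIG_IGVM)`. Please confirm that igvm-cfg.h builds when CONFIG_IGVM is not defined (no dependency on the IGVM library headers), or guard the include the same way.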
@@ -97,6 +98,8 @@ struct X86MachineState {
* which means no limitation on the guest's bus locks.
*/
uint64_t bus_lock_ratelimit;
+
+ IgvmCfg *igvm;
};
#define X86_MACHINE_SMM "smm"
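Review bot: the new `IgvmCfg *igvm;` member has no comment, unlike bus_lock_ratelimit directly above it. A short comment stating that it is set through the "igvm-cfg" link property and is NULL when no IGVM configuration was supplied would document the check `if (x86ms->igvm)` used by the board init code.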
diff --git a/qemu-options.hx b/qemu-options.hx
index cee0da2014..b6eee49075 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5927,6 +5927,31 @@ SRST
-machine ...,memory-encryption=sev0 \\
.....
+ ``-object igvm-cfg,file=file``
+ Create an IGVM configuration object that defines the initial state
+ of the guest using a file in that conforms to the Independent Guest
+ Virtual Machine (IGVM) file format.
+
+ The ``file`` parameter is used to specify the IGVM file to load.
+ When provided, the IGVM file is used to populate the initial
+ memory of the virtual machine and, depending on the platform, can
+ define the initial processor state, memory map and parameters.
+
+ The IGVM file is expected to contain the firmware for the virtual
+ machine, therefore an ``igvm-cfg`` object cannot be provided along
+ with other ways of specifying firmware, such as the ``-bios``
+ parameter on x86 machines.
+
+ e.g to launch a machine providing the firmware in an IGVM file
+
+ .. parsed-literal::
+
+ # |qemu_system_x86| \\
+ ...... \\
+ -object igvm-cfg,id=igvm0,file=bios.igvm \\
+ -machine ...,igvm-cfg=igvm0 \\
+ .....
+
``-object authz-simple,id=id,identity=string``
Create an authorization object that will control access to
network services.
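Review bot: the added documentation has a stray word in "using a file in that conforms to the Independent Guest Virtual Machine (IGVM) file format" (drop "in"), and "e.g to launch" should read "e.g. to launch". The synopsis is given as ``-object igvm-cfg,file=file`` but the example needs ``id=igvm0`` so that ``-machine ...,igvm-cfg=igvm0`` can reference it; consider showing ``id=id`` in the synopsis as the authz-simple entry below does. The text also states that igvm-cfg cannot be combined with ``-bios``; nothing in this patch enforces that, so it would help to say where the conflict is detected.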
--
2.43.0