Date: Fri, 5 May 2023 10:51:26 +0100
From: "Jean-Philippe Brucker"
To: Ard Biesheuvel
Cc: Sami Mujawar, devel@edk2.groups.io, quic_llindhol@quicinc.com, kraxel@redhat.com, julien@xen.org, michael.d.kinney@intel.com, gaoliming@byosoft.com.cn, zhiguang.liu@intel.com, Pierre.Gondois@arm.com, Suzuki.Poulose@arm.com, Ryan.Roberts@arm.com, Matteo.Carlini@arm.com, Akanksha.Jain2@arm.com, Ben.Adderson@arm.com, nd@arm.com
Subject: Re: [RFC PATCH v1 00/30] Support for Arm CCA guest firmware
Message-ID: <20230505095126.GA3067050@myrica>
References: <20230425160428.27980-1-sami.mujawar@arm.com> <20230504151301.GA2861881@myrica>

On Thu, May 04, 2023 at 05:36:32PM +0200, Ard Biesheuvel wrote:
> On Thu, 4 May 2023 at 17:13, Jean-Philippe Brucker
> wrote:
> >
> > Hello,
> >
> > On Tue, Apr 25, 2023 at 05:03:58PM +0100, Sami Mujawar wrote:
> > > We are happy to announce an early RFC version of the Arm Confidential
> > > Compute Architecture (CCA) support for the Kvmtool guest firmware.
> > > The intention is to seek early feedback in the following areas:
> > > * Integration of the Arm CCA in ArmVirtPkg
> > > * Generalise the operations wherever possible with other Confidential
> > >   Compute solutions and Virtual Machine Managers (VMMs)
> >
> > Experimental support for ArmVirtQemu is available at [1]. Most of it
> > simply includes Sami's libraries into ArmVirtQemu, but there are a few
> > things specific to QEMU, one of which I still haven't figured out.
> >
> > The early debug support in PEI is problematic. A realm must access the
> > emulated serial port through unprotected Intermediate Physical Address
> > (IPA aka GPA) which is the upper half of the IPA space. The IPA address
> > must have the most significant bit set. Once the MMU is enabled and
> > ArmCcaConfigureMmio() runs, the page tables point to the right IPA so
> > there is no problem. Before that however, EarlyFdtPL011SerialPortLib would
> > need to access the device using the unprotected IPA address. So far I
> > haven't managed to implement this, so the early serial debug is just
> > disabled.
> >
>
> Did you spot the changes I made recently for booting at EL1 with hard
> coded [initial] page tables in flash? It seems to me that mapping the
> serial port in there shouldn't be that hard.

Ah I did but I had misunderstood your change, it does set a TTBR right at
the beginning in ArmPlatformPeiBootAction. Although we can't hardcode the
serial port mapping (because its address in a Realm depends on the IPA
width which varies across VM configurations), I can probably patch it
early enough.

Thanks,
Jean
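
Added example, not part of the original message or of the edk2 patch series: the thread describes the unprotected half of a Realm's IPA space as the addresses with the most significant IPA bit set, so a device's unprotected alias moves with the IPA width and cannot be a build-time constant. The helper names, the UART base and the IPA widths below are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; names are not from edk2. */

/* Top bit of the IPA space: set = unprotected half, clear = protected half.
 * The 2..64 bound only keeps the shift well defined; it is not an
 * architectural limit. */
static int realm_unprotected_bit(unsigned ipa_width, uint64_t *bit)
{
    if (ipa_width < 2 || ipa_width > 64)
        return -1;
    *bit = 1ULL << (ipa_width - 1);
    return 0;
}

/* Returns 0 and stores the unprotected alias of a device address, or -1 if
 * the address does not fit in the lower (protected) half for this width. */
static int realm_unprotected_alias(uint64_t ipa, unsigned ipa_width,
                                   uint64_t *alias)
{
    uint64_t bit;

    if (realm_unprotected_bit(ipa_width, &bit) != 0 || ipa >= bit)
        return -1;
    *alias = ipa | bit;
    return 0;
}

int main(void)
{
    /* Constructed sample values: a UART base and three IPA widths. */
    const uint64_t uart_base = 0x09000000ULL;
    const unsigned widths[] = { 33, 40, 48 };

    for (unsigned i = 0; i < sizeof(widths) / sizeof(widths[0]); i++) {
        uint64_t alias;
        if (realm_unprotected_alias(uart_base, widths[i], &alias) == 0)
            printf("IPA width %u: UART at 0x%llx\n", widths[i],
                   (unsigned long long)alias);
    }
    return 0;
}
```

The same device address yields a different alias for each width, which is why the mapping in the initial page tables would have to be patched at run time once the IPA width is known.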