From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.53647.1683214607267920974 for ; Thu, 04 May 2023 08:36:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=P76n7kny; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B0B1F6352C for ; Thu, 4 May 2023 15:36:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F6ACC4339C for ; Thu, 4 May 2023 15:36:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1683214606; bh=kGdrY6Bfa+OX5Q5kg2znqQFoj1Bbp9CTwqZ6JpNQ0uk=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=P76n7kny84ZoHukwsyl6CzuSx1Lz1/Rj9B46QoLC/6/LXzZ7VVqvMG96tVcO9DcQe ToMbrR/2X/XR6XVES0I71jiVV5L2MUN7DbKDhG6Km6JopamOXknoRqq9ZnSxNq9KAS Fu9rp4lRANfwhFkSJh6N2s0VNUZWJiCAvRT/XZ2uMYKVyGdeXE8ux7XyldBylCjH5W Zc2A9YNS6JVTfg3P1BQg0p2Ib6LeSQJBAG5/pCx7mdubtDsYdtUpDHa/uMpPQwwdem vuFMFUvU08ZZv9AuNs54PUCv3E3qTKWAGscV3Pl/lEpnuCnlllX27j6sohOwa2NfIk G4co+Fi6Wo43g== Received: by mail-lj1-f181.google.com with SMTP id 38308e7fff4ca-2ac80ed7f26so6910251fa.1 for ; Thu, 04 May 2023 08:36:45 -0700 (PDT) X-Gm-Message-State: AC+VfDyUVdaY0wZqM/8pkHZoXFzUM7Lgod2q7ijXf0U8K8K6qsk1Evn9 iBDqnZBxtvIc6IYa7kFgMCJ0rhkVJlw5+0S63Ec= X-Google-Smtp-Source: ACHHUZ5efwWGAsKZ7jslCQn2F2ZUD8IatJnmr+YEy6oRjUKUkIhrCnKmdD6aUoNreRiUC6L/AS5SDwh97ZmEg8Y09Tc= X-Received: by 2002:a2e:968a:0:b0:2a6:18c0:2b35 with SMTP id q10-20020a2e968a000000b002a618c02b35mr1246487lji.0.1683214604113; Thu, 04 May 2023 08:36:44 -0700 (PDT) MIME-Version: 1.0 References: <20230425160428.27980-1-sami.mujawar@arm.com> <20230504151301.GA2861881@myrica> In-Reply-To: <20230504151301.GA2861881@myrica> From: "Ard Biesheuvel" Date: Thu, 4 May 2023 17:36:32 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v1 00/30] Support for Arm CCA guest firmware To: Jean-Philippe Brucker Cc: Sami Mujawar , devel@edk2.groups.io, quic_llindhol@quicinc.com, kraxel@redhat.com, julien@xen.org, michael.d.kinney@intel.com, gaoliming@byosoft.com.cn, zhiguang.liu@intel.com, Pierre.Gondois@arm.com, Suzuki.Poulose@arm.com, Ryan.Roberts@arm.com, Matteo.Carlini@arm.com, Akanksha.Jain2@arm.com, Ben.Adderson@arm.com, nd@arm.com Content-Type: text/plain; charset="UTF-8" On Thu, 4 May 2023 at 17:13, Jean-Philippe Brucker wrote: > > Hello, > > On Tue, Apr 25, 2023 at 05:03:58PM +0100, Sami Mujawar wrote: > > We are happy to announce an early RFC version of the Arm Confidential > > Compute Architecture (CCA) support for the Kvmtool guest firmware. > > The intention is to seek early feedback in the following areas: > > * Integration of the Arm CCA in ArmVirtPkg > > * Generalise the operations wherever possible with other Confidential > > Compute solutions and Virtual Machine Managers (VMMs) > > Experimental support for ArmVirtQemu is available at [1]. Most of it > simply includes Sami's libraries into ArmVirtQemu, but there are a few > things specific to QEMU, one of which I still haven't figured out. > > The early debug support in PEI is problematic. A realm must access the > emulated serial port through unprotected Intermediate Physical Address > (IPA aka GPA) which is the upper half of the IPA space. The IPA address > must have the most significant bit set. Once the MMU is enabled and > ArmCcaConfigureMmio() runs, the page tables point to the right IPA so > there is no problem. Before that however, EarlyFdtPL011SerialPortLib would > need to access the device using the unprotected IPA address. So far I > haven't managed to implement this, so the early serial debug is just > disabled. > Did you spot the changes I made recently for booting at EL1 with hard coded [initial] page tables in flash? It seems to me that mapping the serial port in there shouldn't be that hard. > Another QEMU-specific: in direct kernel boot (-kernel on the > command-line), the FwCfg device provides kernel, initrd and other blobs to > the guest firmware. Since these are not in guest RAM before VM boot, they > are not part of the Realm Initial Measurement, which provides image > attestation. In order for the Realm owner to authenticate these images, > I added a BlobVerifier that adds the hash of these blobs to the Realm > Extended Measurement. > > I haven't looked at supporting ArmVirtQemuKernel yet. The latest QEMU VMM > support for Arm CCA is at [2], and a typical invocation would be: > > qemu-system-aarch64 -M confidential-guest-support=rme0 -object rme-guest,id=rme0 > -M virt -enable-kvm -M gic-version=3 -cpu host,sve=off -smp 2 -m 256M > -bios QEMU_EFI.fd -kernel Image -initrd rootfs.cpio > -overcommit mem-lock=on -no-acpi -nographic -append 'earlycon console=ttyAMA0' > > Thanks, > Jean > > [1] https://jpbrucker.net/git/edk2/ branch cca/qemu > [2] https://jpbrucker.net/git/qemu/ branch cca/rfc-v2 Thanks, this looks very interesting.