From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web11.40.1668790117645431843
 for <devel@edk2.groups.io>;
 Fri, 18 Nov 2022 08:48:38 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4912D23A;
	Fri, 18 Nov 2022 08:48:43 -0800 (PST)
Received: from [10.34.100.128] (pierre123.nice.arm.com [10.34.100.128])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A2F033F663;
	Fri, 18 Nov 2022 08:48:35 -0800 (PST)
Message-ID: <bee117cb-b3a1-1d5d-fa41-049e7ab07ca8@arm.com>
Date: Fri, 18 Nov 2022 17:48:30 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Subject: Re: [PATCH 2/3] ArmVirtPkg/ArmVirtQemu: Expose TRNG hypercall via RngDxe if implemented
To: Ard Biesheuvel <ardb@kernel.org>, devel@edk2.groups.io
Cc: Liming Gao <gaoliming@byosoft.com.cn>, Rebecca Cran <rebecca@bsdio.com>,
 Leif Lindholm <quic_llindhol@quicinc.com>,
 Sami Mujawar <sami.mujawar@arm.com>, Gerd Hoffmann <kraxel@redhat.com>,
 "Jason A . Donenfeld" <Jason@zx2c4.com>
References: <20221110134738.3798618-1-ardb@kernel.org>
 <20221110134738.3798618-3-ardb@kernel.org>
From: "PierreGondois" <pierre.gondois@arm.com>
In-Reply-To: <20221110134738.3798618-3-ardb@kernel.org>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello Ard,

On 11/10/22 14:47, Ard Biesheuvel wrote:
> Currently, we only expose the EFI_RNG_PROTOCOL in ArmVirtQemu if QEMU
> provides a virtio-rng device, and it doesn't do so by default.
> 
> Given that KVM exposes the ARM architected TRNG service (and has done so
> for a while now), let's incorporate the RngDxe driver which has recently
> grown support for the ARM firmware/hypervisor service.
> 
> If both the service and the virtio device are available, two
> implementations of the RNG protocol will be exposed, but this is fine:
> callers that don't care about the distinction will grab the first one
> available.
> 
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>   ArmVirtPkg/ArmVirtQemu.dsc           | 11 +++++++++++
>   ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |  5 +++++
>   ArmVirtPkg/ArmVirtQemuKernel.dsc     | 11 +++++++++++
>   3 files changed, 27 insertions(+)
> 
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index f77443229e8e..1771ad562225 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -140,6 +140,8 @@ [PcdsFeatureFlag.common]
>   
>     gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
>   
> +  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
> +

It seems that the PSCI conduit needs to be dynamically set.
The psci conduit that should be used is configured by qemu depending on the
virtualization=[on|off] parameter. When off, HVC must be used (SMC otherwise).
Cf:
https://github.com/qemu/qemu/blob/master/hw/arm/virt.c#L2052

If using the wrong conduit, qemu traps the instruction and stops.
For KvmTool, the conduit is always HVC.

Command used:
[PATH_TO]/qemu/build/qemu-system-aarch64 \
	-serial stdio -M virt,highmem=on,virtualization=off \
	-cpu cortex-a57 -smp 4 -m 4096 \
	-drive file=pflash0.img,format=raw,if=pflash,readonly=on \
	-drive file=pflash1.img,format=raw,if=pflash

Regards,
Pierre