Hi, all.

- This patch adds Arm CCA support to the qemu driver for aarch64 systems.
  CCA is an abbreviation for the Arm Confidential Compute Architecture
  feature; it enhances the virtualization capabilities of the platform by
  separating the management of resources from access to those resources.
- We are not yet at the stage where we can merge this patch, as host
  linux/qemu support is not yet merged, but I would like to receive reviews
  and comments on the overall direction.

[summary]
- At this stage, all you can do is get the CCA capability with the
  virsh domcapabilities command and start the CCA VM with the virsh create
  command.
- capability info uses qemu QMP to query qemu options. The option that
  exists now is for selecting a hash algorithm.

[Capability example]
- Execution results of 'virsh domcapabilities' on qemu

  <domaincapabilities>
    ...
    <features>
      ...
      </sgx>
      <cca supported='yes'>
        <enum name='measurement-algo'>
          <value>sha256</value>
          <value>sha512</value>
        </enum>
      </cca>
      <hyperv supported='yes'>
      ...
    </features>
  </domaincapabilities>

[XML example]

  <domain>
    ...
    <launchsecurity type='cca'>
      <measurement-algo>sha256</measurement-algo>
    </launchsecurity>
    ...
  </domain>

[limitations/tests]
- To obtain capability info, it is necessary to support the qemu QMP
  command, which qemu does not yet support. Therefore, I put a hack in the
  code at hand and only confirmed the communication. Also, I think we should
  check whether CPUFW supports CCA or not in qemu_firmware.c, but it is not
  yet implemented.
- Verified that the CCA VM can be started from the virsh create command.

[software version]
- I followed the steps in Linaro's blog below.
  https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+an+RME+stack+for+QEMU#Launching-a-Realm-guest-using-QEMU
- The Qemu used was based on Linaro's qemu(9.1.91).
  https://git.codelinaro.org/linaro/dcap/qemu/-/tree/cca/v3?ref_type=heads

Signed-off-by: Akio Kakuno <fj3333bs@xxxxxxxxxxx>

Best Regards.
Akio Kakuno (1):
  RFC: Add Arm CCA support for getting capability information and running Realm VM

 docs/formatdomain.rst             |  28 ++++++
 docs/formatdomaincaps.rst         |  26 ++++-
 src/conf/domain_capabilities.c    |  41 ++++++++
 src/conf/domain_capabilities.h    |  12 +++
 src/conf/domain_conf.c            |  13 +++
 src/conf/domain_conf.h            |   7 ++
 src/conf/schemas/domaincaps.rng   |  14 +++
 src/conf/schemas/domaincommon.rng |  14 +++
 src/conf/virconftypes.h           |   2 +
 src/libvirt_private.syms          |   1 +
 src/qemu/qemu_capabilities.c      | 156 ++++++++++++++++++++++++++++++
 src/qemu/qemu_capabilities.h      |   4 +
 src/qemu/qemu_cgroup.c            |   2 +
 src/qemu/qemu_command.c           |  32 ++++++
 src/qemu/qemu_driver.c            |   2 +
 src/qemu/qemu_monitor.c           |  10 ++
 src/qemu/qemu_monitor.h           |   3 +
 src/qemu/qemu_monitor_json.c      | 104 ++++++++++++++++++++
 src/qemu/qemu_monitor_json.h      |   4 +
 src/qemu/qemu_namespace.c         |   2 +
 src/qemu/qemu_process.c           |   4 +
 src/qemu/qemu_validate.c          |   7 ++
 22 files changed, 487 insertions(+), 1 deletion(-)

--
I previously posted this on the 25th, but it appears it didn't reach the
mailing list. Apologies for any duplication.

2.34.1
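
An added example, not part of the patch or of libvirt: a pre-flight check that a domain's `measurement-algo` is one of the values the host advertises under `<cca>` in its domain capabilities, using the element names from the XML fragments in the cover letter. The sample documents are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments in the cover letter.
DOMCAPS = """<domainCapabilities><features>
  <cca supported='yes'>
    <enum name='measurement-algo'><value>sha256</value><value>sha512</value></enum>
  </cca>
</features></domainCapabilities>"""

DOMAIN = """<domain type='kvm'>
  <launchSecurity type='cca'><measurement-algo>sha1</measurement-algo></launchSecurity>
</domain>"""


def _find(root, name):
    # Case-insensitive match: the cover letter writes element names in lower case.
    return next((e for e in root.iter() if e.tag.lower() == name), None)


def supported_algos(domcaps_xml):
    """Measurement algorithms advertised under <cca>; empty if CCA is unsupported."""
    cca = _find(ET.fromstring(domcaps_xml), "cca")
    if cca is None or cca.get("supported") != "yes":
        return set()
    return {v.text.strip() for e in cca.findall("enum")
            if e.get("name") == "measurement-algo"
            for v in e.findall("value") if v.text}


def check_domain(domain_xml, domcaps_xml):
    """Return (ok, reason) for defining this domain on a host with these capabilities."""
    ls = _find(ET.fromstring(domain_xml), "launchsecurity")
    if ls is None or ls.get("type") != "cca":
        return True, "domain does not request CCA"
    algos = supported_algos(domcaps_xml)
    if not algos:
        return False, "host does not advertise CCA measurement algorithms"
    # Assumption: <measurement-algo> may be omitted, leaving the choice to QEMU.
    algo = (ls.findtext("measurement-algo") or "").strip()
    if not algo:
        return True, "no measurement-algo requested"
    if algo not in algos:
        return False, f"measurement-algo '{algo}' not in {sorted(algos)}"
    return True, f"measurement-algo '{algo}' is advertised by the host"


if __name__ == "__main__":
    print(check_domain(DOMAIN, DOMCAPS))
```

Failing closed when `<cca supported='yes'>` is absent keeps a domain that asks for a Realm from being defined on a host that cannot provide one.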