On Wed, Dec 25, 2024 at 09:01:32AM +0000, Akio Kakuno wrote:
> - This patch adds Arm CCA support to the qemu driver for aarch64 systems.
>   CCA is an abbreviation for the Arm Confidential Compute Architecture feature;
>   it enhances the virtualization capabilities of the platform by separating
>   the management of resources from access to those resources.
>
> [summary]
> - At this stage, all you can do is get the CCA capability with the virsh
>   domcapabilities command and start the CCA VM with the virsh create command.
>
> [Capability example]
> - Execution results of 'virsh domcapability' on qemu
>
>   <domaincapabilities>
>     ...
>     <features>
>       ...
>       </sgx>
>       <cca supported='yes'>
>         <enum name='measurement-algo'>
>           <value>sha256</value>
>           <value>sha512</value>
>         </enum>
>       </cca>
>       <hyperv supported='yes'>
>       ...
>     </features>
>   </domaincapabilities>
>
> [XML example]
>
>   <domain>
>     ...
>     <launchsecurity type='cca'>
>       <measurement-algo>sha256</measurement-algo>
>     </launchsecurity>
>     ...
>   </domain>
>
> Signed-off-by: Akio Kakuno <fj3333bs@xxxxxxxxxxx>
> ---
>  docs/formatdomain.rst             |  28 ++++++
>  docs/formatdomaincaps.rst         |  26 ++++-
>  src/conf/domain_capabilities.c    |  41 ++++++++
>  src/conf/domain_capabilities.h    |  12 +++
>  src/conf/domain_conf.c            |  13 +++
>  src/conf/domain_conf.h            |   7 ++
>  src/conf/schemas/domaincaps.rng   |  14 +++
>  src/conf/schemas/domaincommon.rng |  14 +++
>  src/conf/virconftypes.h           |   2 +
>  src/libvirt_private.syms          |   1 +
>  src/qemu/qemu_capabilities.c      | 156 ++++++++++++++++++++++++++++++
>  src/qemu/qemu_capabilities.h      |   4 +
>  src/qemu/qemu_cgroup.c            |   2 +
>  src/qemu/qemu_command.c           |  32 ++++++
>  src/qemu/qemu_driver.c            |   2 +
>  src/qemu/qemu_monitor.c           |  10 ++
>  src/qemu/qemu_monitor.h           |   3 +
>  src/qemu/qemu_monitor_json.c      | 104 ++++++++++++++++++++
>  src/qemu/qemu_monitor_json.h      |   4 +
>  src/qemu/qemu_namespace.c         |   2 +
>  src/qemu/qemu_process.c           |   4 +
>  src/qemu/qemu_validate.c          |   7 ++
>  22 files changed, 487 insertions(+), 1 deletion(-)

This ought to be split up into some separate parts.

 * capabilities XML schema support
 * domain XML schema support
 * QEMU implementation for capabilities
 * QEMU implementation for launching VMs

Also the domain XML schema additions should get a test case added to qemuconftest.

> diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> index 3253a28e5a..08e0abf0f3 100644
> --- a/docs/formatdomain.rst
> +++ b/docs/formatdomain.rst
> @@ -9040,6 +9040,34 @@ The ``<launchSecurity/>`` element then accepts the following child elements:
>      the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI.
>
>
> +The contents of the ``<launchSecurity type='cca'>`` element is used to create
> +RealmVM using the Arm CCA feature (Confidential Compute Architecture).
> +CCA :since:`Since 10.9.0` enhances the virtualization capabilities of the

Will be 11.1.0 at the earliest now, but I presume delays on the QEMU side are
going to hold us up from merging a good while longer than that.

> +platform by separating the management of resources from access to those resources.
> +This is achieved by extending the TrustZone of Cortex-A's Normal and Secure
> +world concepts and adding the Realm world and the underlying Root world.
> +The Secure Monitor runs in the root world and manages the transition between
> +these security states. For more information see the Learn the architecture -
> +Arm Confidential Compute Architecture software stack:
> +`<https://developer.arm.com/documentation/den0127/latest>`__
> +
> +::
> +
> +   <domain>
> +     ...
> +     <launchSecurity type='cca'>
> +       <measurement-algo>sha256</measurement-algo>
> +     </launchSecurity>
> +     ...
> +   </domain>
> +
> +The ``<launchSecurity/>`` element accepts the following attributes:
> +
> +``measurement-algo``
> +   The optional ``measurement-algo`` element determines algorithm used to
> +   describe blob hashes.
> +
> +
>  Example configs
>  ===============
> diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
> index cf40d798e5..0a79fc0279 100644
> --- a/src/conf/domain_capabilities.c
> +++ b/src/conf/domain_capabilities.c
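Review bot: the sentence "The ``<launchSecurity/>`` element accepts the following attributes:" is contradicted by the entry right under it, which documents ``measurement-algo`` as an element, and by the example, which shows it as a child element; it should read "child elements", matching the SEV-SNP text visible in the hunk context. The description "determines algorithm used to describe blob hashes" does not say what is being hashed or which values are accepted; name the measurement the algorithm applies to and list the allowed values, which the cover letter's domcapabilities output gives as sha256 and sha512. Minor wording: "The contents of the ... element is used to create RealmVM" should be "are used to create a Realm VM". Note also that the cover letter's XML example spells the element ``<launchsecurity>`` while this documentation (and the existing schema) uses ``<launchSecurity>``; the lowercase form will not validate.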
> @@ -90,6 +90,19 @@ virSGXCapabilitiesFree(virSGXCapability *cap)
>  }
>
>
> +void
> +virCCACapabilitiesFree(virCCACapability *cap)
> +{
> +    if (!cap)
> +        return;
> +
> +    if (cap->ccaMeasurementAlgo)
> +        g_free(cap->ccaMeasurementAlgo);

ccaMeasurementAlgo is an array of strings, so this frees the array but leaks
the strings.

> +
> +    g_free(cap);
> +}
> +
> +
>  static void
>  virDomainCapsDispose(void *obj)
>  {
> @@ -1942,6 +1946,34 @@ virQEMUCapsSGXInfoCopy(virSGXCapability **dst,
>  }
>
>
> +static void
> +virQEMUCapsCCAInfoCopy(virCCACapability **dst,
> +                       virCCACapability *src)
> +{
> +    g_autoptr(virCCACapability) tmp = NULL;
> +    size_t i;
> +
> +    if (!src) {
> +        *dst = NULL;
> +        return;
> +    }
> +
> +    tmp = g_new0(virCCACapability, 1);
> +
> +    tmp->nCcaMeasurementAlgo = src->nCcaMeasurementAlgo;
> +
> +    if (tmp->nCcaMeasurementAlgo != 0) {
> +        tmp->ccaMeasurementAlgo = g_new0(char *, tmp->nCcaMeasurementAlgo);
> +
> +        for (i=0; i<tmp->nCcaMeasurementAlgo; i++) {
> +            tmp->ccaMeasurementAlgo[i] = src->ccaMeasurementAlgo[i];

This is copying the string pointer without duplicating it, which will cause a
double-free if you fix the missing 'free' calls for virCCACapability I mention
earlier.

> +        }
> +    }
> +
> +    *dst = g_steal_pointer(&tmp);
> +}
> +
> +

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-   https://www.instagram.com/dberrange :|
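Review bot: in virCCACapabilitiesFree the `if (cap->ccaMeasurementAlgo)` guard is redundant, since g_free() accepts NULL, and the loop over the elements is what is actually missing: the array holds nCcaMeasurementAlgo individually allocated strings, so free each one before the array, e.g. `for (i = 0; i < cap->nCcaMeasurementAlgo; i++) g_free(cap->ccaMeasurementAlgo[i]);` followed by `g_free(cap->ccaMeasurementAlgo);`. g_strfreev() is not a drop-in alternative here because the copy routine allocates exactly nCcaMeasurementAlgo entries with no NULL terminator; if you prefer g_strfreev(), allocate n + 1 entries in both the parser and virQEMUCapsCCAInfoCopy.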
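Review bot: the element copy in virQEMUCapsCCAInfoCopy needs to be `tmp->ccaMeasurementAlgo[i] = g_strdup(src->ccaMeasurementAlgo[i]);` so that the destination owns its strings and can be released by virCCACapabilitiesFree (including via the g_autoptr cleanup on `tmp`) without touching memory the source still references. Style: `for (i=0; i<tmp->nCcaMeasurementAlgo; i++)` should have spaces around the operators, as the surrounding libvirt code does: `for (i = 0; i < tmp->nCcaMeasurementAlgo; i++)`.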