Currently the TDX framework is based on EFI support, and running a test case in a TDX environment requires special QEMU command line parameters. Add an environment variable EFI_TDX. When set, enable the test case to run in a TDX protected environment with special QEMU parameters. Force "-cpu host" to be the last parameter, as QEMU doesn't currently support customizing CPU features for TD guests. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> Reviewed-by: Yu Zhang <yu.c.zhang@xxxxxxxxx> --- x86/efi/README.md | 6 ++++++ x86/efi/run | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/x86/efi/README.md b/x86/efi/README.md index a39f509cd9aa..b6f1fc68b0f3 100644 --- a/x86/efi/README.md +++ b/x86/efi/README.md @@ -30,6 +30,12 @@ the env variable `EFI_UEFI`: EFI_UEFI=/path/to/OVMF.fd ./x86/efi/run ./x86/msr.efi +### Run test cases with UEFI in TDX environment + +To run a test case with UEFI and TDX enabled: + + EFI_TDX=y ./x86/efi/run ./x86/msr.efi + ## Code structure ### Code from GNU-EFI diff --git a/x86/efi/run b/x86/efi/run index ac368a59ba9f..2af0a303ea0e 100755 --- a/x86/efi/run +++ b/x86/efi/run @@ -18,6 +18,7 @@ source config.mak : "${EFI_TEST:=efi-tests}" : "${EFI_SMP:=1}" : "${EFI_CASE:=$(basename $1 .efi)}" +: "${EFI_TDX:=n}" if [ ! -f "$EFI_UEFI" ]; then echo "UEFI firmware not found: $EFI_UEFI"
@@ -29,6 +30,24 @@ fi # Remove the TEST_CASE from $@ shift 1 +# TDX support -kernel QEMU parameter, could utilize the original way of +# verifying QEMU's configuration. CPU feature customization isn't supported +# in TDX currently, so pass through all the features with `-cpu host` +if [ "$EFI_TDX" == "y" ]; then + "$TEST_DIR/run" \ + -device loader,file="$EFI_UEFI",id=fd0 \ + -object tdx-guest,id=tdx0 \ + -machine q35,kvm-type=tdx,pic=no,kernel_irqchip=split,confidential-guest-support=tdx0 \ + -kernel "$EFI_SRC/$EFI_CASE.efi" \ + -net none \ + -nographic \ + -m 256 \ + "$@" \ + -cpu host + + exit $? +fi + if [ "$EFI_CASE" = "_NO_FILE_4Uhere_" ]; then EFI_CASE=dummy fi -- 2.25.1
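Review bot: the new README section "Run test cases with UEFI in TDX environment" in x86/efi/README.md shows only the `EFI_TDX=y` invocation and omits the behaviour a user needs to know before relying on it. The run script places `-cpu host` after "$@", which the commit message says is meant to be the last parameter, so the README should state that a `-cpu` option passed on the command line is not honoured in TDX mode. It should also say that `EFI_UEFI` must still point at an existing firmware image, because the `[ ! -f "$EFI_UEFI" ]` check in x86/efi/run runs before the TDX branch.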
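Review bot: in the first x86/efi/run hunk, `: "${EFI_TDX:=n}"` sets a default but nothing validates the value, and the later test is an exact match on `y`. Any other setting (`Y`, `1`, `yes`) silently falls through to the non-TDX path, so a run that the operator believes is exercising a TD guest executes as an ordinary guest and its pass result says nothing about the protected environment. Suggest rejecting values other than `y` and `n` with an error message and a non-zero exit, in the same way the script already does for a missing `$EFI_UEFI`.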
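Review bot: in the second x86/efi/run hunk, the comment "TDX support -kernel QEMU parameter, could utilize the original way of verifying QEMU's configuration" does not explain why the TDX block sits before the `_NO_FILE_4Uhere_` substitution. As written, the TDX branch exits before `EFI_CASE=dummy` is applied, so an `EFI_CASE` of `_NO_FILE_4Uhere_` is passed straight through as `-kernel "$EFI_SRC/_NO_FILE_4Uhere_.efi"`. If that is the intended way to probe QEMU's configuration, the comment should say so in plain terms; if not, the block belongs after the substitution. As a smaller style point, `[ "$EFI_TDX" == "y" ]` uses `==` while the neighbouring context line uses `=` inside `[ ]`; using `=` keeps the script consistent.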