On 27/01/2023 11:22, Suzuki K Poulose wrote:
> [...]
> Running the stack
> ====================
>
> To run/test the stack, you would need the following components :
>
> 1) FVP Base AEM RevC model with FEAT_RME support [4]
> 2) TF-A firmware for EL3 [5]
> 3) TF-A RMM for R-EL2 [3]
> 4) Linux Kernel [6]
> 5) kvmtool [7]
> 6) kvm-unit-tests [8]
>
> Instructions for building the firmware components and running the model are
> available here [9]. Once the host kernel is booted, a Realm can be launched by
> invoking the `lkvm` command as follows:
>
>  $ lkvm run --realm \
>        --measurement-algo=["sha256", "sha512"] \
>        --disable-sve \
>        <normal-vm-options>
>
> Where:
>  * --measurement-algo (Optional) specifies the algorithm selected for creating the
>    initial measurements by the RMM for this Realm (defaults to sha256).
>  * GICv3 is mandatory for the Realms.
>  * SVE is not yet supported in the TF-RMM, and thus must be disabled using
>    --disable-sve
>
> You may also run the kvm-unit-tests inside the Realm world, using similar
> options as above.

Building all of these components and configuring the FVP correctly can be quite
tricky, so I thought I would plug a tool we have called Shrinkwrap, which can
simplify all of this.

The tool accepts a yaml input configuration that describes how a set of
components should be built and packaged, and how the FVP should be configured
and booted. And by default, it uses a Docker container on its backend, which
contains all the required tools, including the FVP. You can optionally use
Podman or have it run on your native system if you prefer. It supports both
x86_64 and aarch64. And you can even run it in --dry-run mode to see the set of
shell commands that would have been executed.

It comes with two CCA configs out-of-the-box; cca-3world.yaml builds TF-A, RMM,
Linux (for both host and guest), kvmtool and kvm-unit-tests. cca-4world.yaml
adds Hafnium and some demo SPs for the secure world (although since Hafnium
requires x86_64 to build, cca-4world.yaml doesn't currently work on an aarch64
build host).

See the documentation [1] and repository [2] for more info.

Brief instructions to get you up and running:

  # Install shrinkwrap. (I assume you have Docker installed):
  sudo pip3 install pyyaml termcolor tuxmake
  git clone https://git.gitlab.arm.com/tooling/shrinkwrap.git
  export PATH=$PWD/shrinkwrap/shrinkwrap:$PATH

  # If running Python < 3.9:
  sudo pip3 install graphlib-backport

  # Build all the CCA components:
  shrinkwrap build cca-3world.yaml [--dry-run]

  # Run the stack in the FVP:
  shrinkwrap run cca-3world.yaml -r ROOTFS=<my_rootfs.ext4> [--dry-run]

By default, building is done at ~/.shrinkwrap/build/cca-3world and the package
is created at ~/.shrinkwrap/package/cca-3world (this can be changed with
envvars).

The 'run' command will boot TF-A, RMM and host Linux kernel in the FVP, and
mount the provided rootfs. You will likely want to have copied the userspace
pieces into the rootfs before running, so you can create realms:

- ~/.shrinkwrap/package/cca-3world/Image (kernel with RMI and RSI support)
- ~/.shrinkwrap/package/cca-3world/lkvm (kvmtool able to launch realms)
- ~/.shrinkwrap/package/cca-3world/kvm-unit-tests.tgz (built kvm-unit-tests)

Once the FVP is booted to a shell, you can do something like this to launch a
Linux guest in a realm:

  lkvm run --realm --disable-sve -c 1 -m 256 -k Image

[1] https://shrinkwrap.docs.arm.com
[2] https://gitlab.arm.com/tooling/shrinkwrap