[kvm-unit-tests RFC v2 00/18] X86: TDX framework support

* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from the virtual
machine manager (VMM)/hypervisor and any other software on the platform.

To support TDX, multiple software components, not only KVM but also QEMU,
the guest kernel, and the virtual BIOS, need to be updated. For more details,
please check link [1]; it has the TDX spec and links to the public GitHub
repository of each software component.

* What do we add?
This patch set adds a basic framework to support running existing and
future test cases in TDX-protected environments to verify the function of
the *TDX 1.5* software stack. Appreciate any comments and suggestions.

This framework depends on UEFI support.

The supported test cases are marked in a "tdx" test group. Most of the
unsupported test cases test features not supported by TDX; a few are
unsupported because their special design is unsuitable for running in UEFI.

This series is also available on github:
https://github.com/intel/kvm-unit-tests-tdx/tree/tdx

To run a test case in TDX:
    EFI_TDX=y [EFI_UEFI=/path/to/TDVF.fd] [QEMU=/path/to/qemu-tdx] \
        ./x86/efi/run x86/msr.efi
To run all the tdx-supported test cases:
    EFI_TDX=y [EFI_UEFI=/path/to/TDVF.fd] [QEMU=/path/to/qemu-tdx] \
        ./run_tests.sh -g tdx

The [EFI_UEFI=/path/to/TDVF.fd] [QEMU=/path/to/qemu-tdx] customizations can
be dropped once released packages of OVMF and QEMU have TDX support. The
current OVMF upstream code has TDX support, but its package doesn't have
the full TDX feature set.

* Patch organization
patch  1-8: add initial support for TDX; some simple test cases can run
            with them.
patch    9: TDVF supports accepting only part of the whole memory; this patch
            adds support for accepting the remaining memory.
patch10-12: add multiprocessor support.
patch13-14: enable the lvl5 page table, as TDVF uses it.
patch15-16: bypass and modify unsupported sub-tests to be compatible with
            TDX.
patch   17: TDX-specific test case; more sub-tests may be added in the future.
patch   18: enable all the TDX-supported test cases to run in a batch with
            run_tests.sh

TODO:
1. add more TDX-specific sub-tests
2. add MMIO simulation in the #VE handler

[1] "KVM TDX basic feature support"
https://lwn.net/ml/linux-kernel/cover.1699368322.git.isaku.yamahata@xxxxxxxxx/

---
Changes RFC v1 -> RFC v2:
  - rebase to the latest kvm-unit-tests repo.
  - modify the TDCALL helper to use one macro, TDX_MODULE_CALL, as the TD
    guest kernel does. And split patch 1 of RFC v1 into two patches: guest
    code porting and TDX framework setup.
  - use printf instead of tdx_printf, as TDVF provides a default #VE
    handler before unit test setup. (patch 2)
  - change the return value of each handler in #VE. (patch 3)
  - change the implementation of private memory acceptance, i.e.,
    tdx_accept_memory_regions. (patch 9)
  - move the content of lib/x86/acpi.c to lib/acpi.c. (patch 10)
  - refine the AP bring-up process and integrate TDX MP into the existing
    UEFI MP. (patch 11)
  - drop patch 16 of RFC v1 "x86 UEFI: Add support for parameter passing"
    as the code base already has support for it.
  - add checks for the fixed values of virtualized CPUID. (patch 17)
  - some order adjustments and fixes.

RFC v1:
https://lore.kernel.org/all/20220303071907.650203-1-zhenzhong.duan@xxxxxxxxx/

Zhenzhong Duan (18):
  x86 TDX: Port tdx basic functions from TDX guest code
  x86 TDX: Add support functions for TDX framework
  x86 TDX: Add #VE handler
  x86 TDX: Bypass APIC and enable x2APIC directly
  x86 TDX: Add exception table support
  x86 TDX: Bypass wrmsr simulation on some specific MSRs
  x86 TDX: Simulate single step on #VE handled instruction
  x86 TDX: Extend EFI run script to support TDX
  x86 TDX: Add support for memory accept
  acpi: Add MADT table parse code
  x86 TDX: Add multi processor support
  x86 TDX: Add a formal IPI handler
  x86 TDX: Enable lvl5 boot page table
  x86 TDX: Add lvl5 page table support to virtual memory
  x86 TDX: bypass unsupported syscall TF for TDX
  x86 TDX: Modify the MSR test to be compatible with TDX
  x86 TDX: Add TDX specific test case
  x86 TDX: Make run_tests.sh work with TDX

 README.md              |   6 +
 lib/acpi.c             | 160 +++++++++++
 lib/acpi.h             |  59 +++-
 lib/asm-generic/page.h |   7 +-
 lib/linux/efi.h        |  23 +-
 lib/x86/apic.c         |   4 +
 lib/x86/asm/page.h     |  19 ++
 lib/x86/asm/setup.h    |   1 +
 lib/x86/desc.c         |  18 +-
 lib/x86/desc.h         |  11 +
 lib/x86/setup.c        |  67 ++++-
 lib/x86/smp.c          |  44 ++-
 lib/x86/smp.h          |   2 +
 lib/x86/tdcall.S       |  66 +++++
 lib/x86/tdx.c          | 637 +++++++++++++++++++++++++++++++++++++++++
 lib/x86/tdx.h          | 167 +++++++++++
 lib/x86/tdxcall.S      | 249 ++++++++++++++++
 lib/x86/vm.c           |  15 +-
 x86/Makefile.common    |   3 +
 x86/Makefile.x86_64    |   1 +
 x86/efi/README.md      |   6 +
 x86/efi/efistart64.S   |  51 ++++
 x86/efi/run            |  19 ++
 x86/intel_tdx.c        | 326 +++++++++++++++++++++
 x86/msr.c              |  46 ++-
 x86/syscall.c          |   3 +-
 x86/unittests.cfg      |  21 +-
 27 files changed, 1984 insertions(+), 47 deletions(-)
 create mode 100644 lib/x86/tdcall.S
 create mode 100644 lib/x86/tdx.c
 create mode 100644 lib/x86/tdx.h
 create mode 100644 lib/x86/tdxcall.S
 create mode 100644 x86/intel_tdx.c

base-commit: 6b31aa76a038bb56b144825f55301b2ab64c02e9
-- 
2.25.1