On 10/02/2025 15:23, Kevin Brodsky wrote:
> [...]
>
>>> Any comment or feedback will be highly appreciated, be it on the
>>> high-level approach or implementation choices!
>> As hinted earlier with my QEMU question... what's the best way I can
>> test this myself? :)
> As mentioned above I tested this series on Arm FVP. By far the easiest
> way to run some custom kernel/rootfs on FVP is to use the Shrinkwrap
> tool [3]. First install it following the quick start guide [4] (I would
> recommend using the Docker backend if possible). Then build the firmware
> stack using:
>
> $ shrinkwrap build -o arch/v9.0.yaml ns-edk2.yaml
>
> To make things easy, the runtime configuration can be stored in a file.
> Create ~/.shrinkwrap/config/poe.yaml with the following contents:
>
> ----8<----
>
> %YAML 1.2
> ---
> layers:
>   - arch/v9.0.yaml

Apologies, this is incorrect - it will not work with the most recent FVP
builds. POE is a v9.4 feature so this line should be replaced with:

>   - arch/v9.4.yaml

(No need to change the shrinkwrap build line, it only matters for the
FVP runtime parameters.)

- Kevin

> run:
>   rtvars:
>     CMDLINE:
>       type: string
>       # nr_cpus=1 can be added to speed up the boot
>       value: console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda rw
>   params:
>     -C cluster0.has_permission_overlay_s1: 1
>     -C cluster1.has_permission_overlay_s1: 1
>
> ----8<----
>
> Finally start FVP using:
>
> $ shrinkwrap run -o poe.yaml ns-edk2.yaml -r KERNEL=<out>/arch/arm64/boot/Image -r ROOTFS=<rootfs.img>
>
> (Use Ctrl-] to terminate the model if needed.)
>
> <rootfs.img> is a file containing the root filesystem (in raw format,
> e.g. ext4). The kernel itself is built as usual (defconfig works just
> fine), just make sure to select CONFIG_KPKEYS_HARDENED_PGTABLES to
> enable the feature. You can also select
> CONFIG_KPKEYS_HARDENED_PGTABLES_TEST to run the tests in patch 15.
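
A preflight check for the setup described in this message, as an added example that is not part of the original e-mail or the patch series: it confirms that the kernel .config enables CONFIG_KPKEYS_HARDENED_PGTABLES and that the Shrinkwrap runtime config uses the arch/v9.4.yaml layer with the permission-overlay parameter set on both clusters. The function names and the two file arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for the FVP/POE setup in this thread.
# Function names and arguments are assumptions of this example.

# check_kernel_config FILE: succeed only if the option is built in (=y).
check_kernel_config() {
    grep -q '^CONFIG_KPKEYS_HARDENED_PGTABLES=y$' "$1" || {
        echo "$1: CONFIG_KPKEYS_HARDENED_PGTABLES is not enabled" >&2
        return 1
    }
}

# has_line FILE ERE: true if a line of FILE, with YAML comments stripped,
# matches ERE, so a commented-out entry does not count as present.
has_line() {
    sed 's/[[:space:]]*#.*$//' "$1" | grep -Eq -e "$2"
}

# check_fvp_config FILE: succeed only if the Shrinkwrap runtime config uses
# the v9.4 layer and enables the permission overlay on both clusters.
check_fvp_config() {
    cfg=$1
    rc=0
    if has_line "$cfg" '^[[:space:]]*-[[:space:]]+arch/v9\.0\.yaml[[:space:]]*$'; then
        echo "$cfg: lists arch/v9.0.yaml, POE needs arch/v9.4.yaml" >&2
        rc=1
    fi
    if ! has_line "$cfg" '^[[:space:]]*-[[:space:]]+arch/v9\.4\.yaml[[:space:]]*$'; then
        echo "$cfg: arch/v9.4.yaml layer is missing" >&2
        rc=1
    fi
    for c in cluster0 cluster1; do
        if ! has_line "$cfg" "^[[:space:]]*-C[[:space:]]+$c\.has_permission_overlay_s1:[[:space:]]*1[[:space:]]*$"; then
            echo "$cfg: $c.has_permission_overlay_s1 is not set to 1" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh preflight.sh <kernel .config> <poe.yaml>
if [ "$#" -eq 2 ]; then
    check_kernel_config "$1" && check_fvp_config "$2"
fi
```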