[PATCH v7 15/52] i386/tdx: load TDVF for TD guest
From: Xiaoyao Li
Subject: [PATCH v7 15/52] i386/tdx: load TDVF for TD guest
Date: Fri, 24 Jan 2025 08:20:11 -0500
From: Chao Peng <chao.p.peng@linux.intel.com>
TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot
support pflash device since it doesn't support read-only private memory.
Thus load TDVF(OVMF) with -bios option for TDs.
Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion
for TDVF because it needs to be located at private memory.
Also store the MemoryRegion pointer of TDVF since the shared ramblock of
it can be discarded after it gets copied to private ramblock.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
hw/i386/x86-common.c | 6 +++++-
target/i386/kvm/tdx.c | 6 ++++++
target/i386/kvm/tdx.h | 3 +++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 008496b5b851..1f9492c2dbfd 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -44,6 +44,7 @@
#include "standard-headers/asm-x86/bootparam.h"
#include CONFIG_DEVICES
#include "kvm/kvm_i386.h"
+#include "kvm/tdx.h"
#ifdef CONFIG_XEN_EMU
#include "hw/xen/xen.h"
@@ -1035,11 +1036,14 @@ void x86_bios_rom_init(X86MachineState *x86ms, const
char *default_firmware,
if (machine_require_guest_memfd(MACHINE(x86ms))) {
memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios",
bios_size, &error_fatal);
+ if (is_tdx_vm()) {
+ tdx_set_tdvf_region(&x86ms->bios);
+ }
} else {
memory_region_init_ram(&x86ms->bios, NULL, "pc.bios",
bios_size, &error_fatal);
}
- if (sev_enabled()) {
+ if (sev_enabled() || is_tdx_vm()) {
/*
* The concept of a "reset" simply doesn't exist for
* confidential computing guests, we have to destroy and
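Review bot: the tdx_set_tdvf_region() call is reachable only inside the machine_require_guest_memfd() branch, so a TDX VM that takes the else branch gets a plain memory_region_init_ram() BIOS region and leaves tdvf_mr NULL with no diagnostic. The commit message says TDVF must live in private memory, so make that requirement explicit here: either assert machine_require_guest_memfd() whenever is_tdx_vm() is true, or report an error in the else branch for the TDX case, so that any later consumer of tdvf_mr never sees a NULL pointer.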
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 2124284e1653..f1c0553e6d4a 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -137,6 +137,12 @@ static int get_tdx_capabilities(Error **errp)
return 0;
}
+void tdx_set_tdvf_region(MemoryRegion *tdvf_mr)
+{
+ assert(!tdx_guest->tdvf_mr);
+ tdx_guest->tdvf_mr = tdvf_mr;
+}
+
static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
TdxGuest *tdx = TDX_GUEST(cgs);
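Review bot: tdx_set_tdvf_region() dereferences the global tdx_guest in the assert without first checking that it is non-NULL, so it silently depends on every caller having tested is_tdx_vm() beforehand. Please state that precondition in a comment above the function or add assert(tdx_guest) as the first line. The function also stores a borrowed pointer to a MemoryRegion it does not own and takes no reference, which is worth one sentence in the same comment so readers know tdvf_mr must not outlive the caller's region.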
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index d39e733d9fcc..b73461b8d8a3 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -30,6 +30,8 @@ typedef struct TdxGuest {
char *mrconfigid; /* base64 encoded sha348 digest */
char *mrowner; /* base64 encoded sha348 digest */
char *mrownerconfig; /* base64 encoded sha348 digest */
+
+ MemoryRegion *tdvf_mr;
} TdxGuest;
#ifdef CONFIG_TDX
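Review bot: the new tdvf_mr field in TdxGuest has no comment, unlike the three fields directly above it. The commit message explains why the pointer is kept (the shared ramblock can be discarded once its contents are copied to the private ramblock); a short comment on the field saying that, and that the region is owned by the machine state rather than by TdxGuest, would save readers from having to find this commit.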
@@ -39,5 +41,6 @@ bool is_tdx_vm(void);
#endif /* CONFIG_TDX */
int tdx_pre_create_vcpu(CPUState *cpu, Error **errp);
+void tdx_set_tdvf_region(MemoryRegion *tdvf_mr);
#endif /* QEMU_I386_TDX_H */
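Review bot: the tdx_set_tdvf_region() prototype is added after the #endif of the CONFIG_TDX block, and the diffstat touches only x86-common.c, tdx.c and tdx.h, so no stub definition is added for builds without CONFIG_TDX. Since hw/i386/x86-common.c now calls the function unconditionally at the source level, please confirm that such a build still links, either by adding a stub alongside whatever already provides tdx_pre_create_vcpu() in that configuration or by noting in the commit message that the call is expected to be eliminated because is_tdx_vm() is constant false there.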
--
2.34.1