Message ID | 20230216084913.2148508-1-dovmurik@linux.ibm.com (mailing list archive)
---|---
Series | i386/sev: Support measured direct kernel boot on SNP
On 16/02/2023 10:49, Dov Murik wrote:
> This RFC patch series is based on AMD's RFC upmv10-snpv3 tree [1].
>

Note that in order to test this you must use '-machine pc-q35-7.1' to
circumvent the SETUP_RNG_SEED bug [1] that interferes with the measured
kernel.

[1] https://lore.kernel.org/qemu-devel/20230208211212.41951-1-mst@redhat.com/

-Dov

>
> In order to enable measured direct kernel boot on SNP, QEMU needs to
> fill the hashes page when kernel-hashes=on. This relies on several
> changes to the SNP metadata published by OVMF (See [2] for proposed
> OVMF patches).
>
> Patch 1 pulls the 'kernel-hashes' property from the SEV guest settings
> to the common settings to make it available for both SEV and SNP.
>
> Patch 2 adds the hashes table for SNP guests (or validates the page as a
> zero page if kernel-hashes=off).
>
> This patch series is also available at [3].
>
>
> [1] https://github.com/mdroth/qemu/commits/upmv10-snpv3
> [2] https://edk2.groups.io/g/devel/message/100286
> [3] https://github.com/confidential-containers-demo/qemu/tree/snp-kernel-hashes-v2
>
> v2 changes:
> * Rebase on top of upmv10-snpv3 which includes kernel-hashes.
>
> v1: https://lore.kernel.org/qemu-devel/20220329064038.96006-1-dovmurik%40linux.ibm.com/
>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Daniel P. Berrangé <berrange@redhat.com>
> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Cc: Eduardo Habkost <eduardo@habkost.net>
> Cc: Eric Blake <eblake@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Marcelo Tosatti <mtosatti@redhat.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Ashish Kalra <ashish.kalra@amd.com>
> Cc: Mario Smarduch <mario.smarduch@amd.com>
> Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
>
> Dov Murik (2):
>   qapi, i386: Move kernel-hashes to SevCommonProperties
>   i386/sev: Allow measured direct kernel boot on SNP
>
>  qapi/qom.json     | 12 +++---
>  target/i386/sev.c | 95 +++++++++++++++++++++++++++++------------------
>  2 files changed, 65 insertions(+), 42 deletions(-)
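As an added illustration of the "hashes page" the cover letter describes (my own Python, not code from the series or from QEMU): it builds the kernel-hashes table in the layout I recall from QEMU's target/i386/sev.c, a 16-byte GUID header, a 16-bit length, and one GUID/length/SHA-256 entry each for the command line, initrd and kernel, places it at the start of a 4 KiB page, and leaves the page all zeros when kernel-hashes=off. The GUID values, the entry order and the 4 KiB page size are assumptions to verify against the tree you build.

```python
import hashlib
import struct
import uuid

# GUIDs as I recall them from QEMU's target/i386/sev.c (assumption: verify
# against the tree you build); QEMU stores them in UUID_LE byte order, which
# Python's UUID.bytes_le reproduces.
TABLE_GUID = uuid.UUID("9438d606-4f22-4cc9-b479-a793d411fd21")
CMDLINE_GUID = uuid.UUID("97d02dd8-bd20-4c94-aa78-e7714d36ab2a")
INITRD_GUID = uuid.UUID("44baf731-3a2f-4bd7-9af1-41e29169781d")
KERNEL_GUID = uuid.UUID("4de79437-abd2-427f-b835-d5b172d2045b")

ENTRY_FMT = "<16sH32s"                 # guid, len, SHA-256 digest (packed, 50 bytes)
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)
TABLE_SIZE = 16 + 2 + 3 * ENTRY_SIZE   # header + cmdline, initrd, kernel entries
PADDED_SIZE = (TABLE_SIZE + 15) // 16 * 16
PAGE_SIZE = 4096                       # assumption: one 4 KiB hashes page

def _entry(guid, data):
    return struct.pack(ENTRY_FMT, guid.bytes_le, ENTRY_SIZE,
                       hashlib.sha256(data).digest())

def build_hashes_table(kernel, initrd, cmdline):
    """16-byte-padded hashes table, as filled in when kernel-hashes=on."""
    # The command line is hashed with its terminating NUL; a missing initrd
    # is hashed as an empty buffer so all three entries are always present.
    body = (TABLE_GUID.bytes_le + struct.pack("<H", TABLE_SIZE)
            + _entry(CMDLINE_GUID, cmdline.encode() + b"\0")
            + _entry(INITRD_GUID, initrd or b"")
            + _entry(KERNEL_GUID, kernel))
    return body + b"\0" * (PADDED_SIZE - len(body))

def hashes_page(kernel_hashes_on, kernel=b"", initrd=None, cmdline=""):
    """Contents of the page OVMF reserves for the hashes. With kernel-hashes=off
    it stays all zeros, which is why the series validates it as a zero page."""
    page = bytearray(PAGE_SIZE)
    if kernel_hashes_on:
        table = build_hashes_table(kernel, initrd, cmdline)
        page[:len(table)] = table
    return bytes(page)

def parse_hashes_table(blob):
    """Decode a table (e.g. read back from a guest dump) into digests by name."""
    if blob[:16] != TABLE_GUID.bytes_le or struct.unpack_from("<H", blob, 16)[0] != TABLE_SIZE:
        raise ValueError("not a SEV hashes table")
    names = {CMDLINE_GUID.bytes_le: "cmdline", INITRD_GUID.bytes_le: "initrd",
             KERNEL_GUID.bytes_le: "kernel"}
    entries = (struct.unpack_from(ENTRY_FMT, blob, off)
               for off in range(18, TABLE_SIZE, ENTRY_SIZE))
    return {names[guid]: digest for guid, _, digest in entries}
```

Feeding the real kernel, initrd and command line bytes into build_hashes_table and comparing against a table read out of the guest is a quick way to confirm the measured values match what the launch measurement covered.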
On Thu, Feb 16, 2023 at 08:49:11AM +0000, Dov Murik wrote:
> This RFC patch series is based on AMD's RFC upmv10-snpv3 tree [1].
I've seen postings of the kernel patches for SNP using the kernel
UPM support, but I don't recall ever seeing these QEMU pieces
posted for review. The code in that QEMU branch looks different
from the last posting of SNP to qemu-devel years ago.
IMHO it would be very desirable if that QEMU UPM tree was submitted
to qemu-devel for review feedback, before requesting review of patches
that build on top of it.
With regards,
Daniel
* Daniel P. Berrangé (berrange@redhat.com) wrote:
> On Thu, Feb 16, 2023 at 08:49:11AM +0000, Dov Murik wrote:
> > This RFC patch series is based on AMD's RFC upmv10-snpv3 tree [1].
>
> I've seen postings of the kernel patches for SNP using the kernel
> UPM support, but I don't recall ever seeing these QEMU pieces
> posted for review. The code in that QEMU branch looks different
> from the last posting of SNP to qemu-devel years ago.
>
> IMHO it would be very desirable if that QEMU UPM tree was submitted
> to qemu-devel for review feedback

Some of the patches in there look like they're not dependent on SNP or
the UPM interface; (eg some CPU model updates). It's probably worth
posting those separately so that they can be reviewed and merged and out
of the way.

> before requesting review of patches
> that build on top of it.

But at the same time it seems right for Dov to send these patches for
review.

Dave

> With regards,
> Daniel
>
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o- https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|