tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/OvmfPkg/Microvm
History
Min Xu 2520182122 OvmfPkg: Update IoMmuDxe to support TDX 
RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429

The IOMMU protocol driver provides capabilities to set a DMA access
attribute and methods to allocate, free, map and unmap the DMA memory
for the PCI Bus devices.

The current IoMmuDxe driver supports DMA operations inside SEV guest.
To support DMA operation in TDX guest,
CC_GUEST_IS_XXX (PcdConfidentialComputingGuestAttr) is used to determine
if it is SEV guest or TDX guest.

Due to security reasons all DMA operations inside the SEV/TDX guest must
be performed on shared pages. The IOMMU protocol driver for the SEV/TDX
guest uses a bounce buffer to map guest DMA buffer to shared pages in
order to provide the support for DMA operations inside SEV/TDX guest.

The call of SEV or TDX specific function to set/clear EncMask/SharedBit
is determined by CC_GUEST_IS_XXX (PcdConfidentialComputingGuestAttr).

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
 		2022-04-02 08:15:12 +00:00
..
MicrovmX64.dsc OvmfPkg: Update IoMmuDxe to support TDX 2022-04-02 08:15:12 +00:00
MicrovmX64.fdf OvmfPkg/Microvm/virtio: add virtio-mmio support 2021-12-13 12:16:32 +00:00
README OvmfPkg/Microvm: add README 2021-12-13 12:16:32 +00:00

README

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.


This is an *experimental* port of OVMF for the QEMU microvm
machine type.

microvm background info
-----------------------

microvm is designed for modern, virtio-based workloads.  Most legacy
lpc/isa devices like pit and pic can be turned off.  virtio-mmio
(i.e. '-device virtio-{blk,net,scsi,...}-device') is used for
storage/network/etc.

Optional pcie support is available and any pcie device supported by
QEMU can be plugged in (including virtio-pci if you prefer that over
virtio-mmio).

https://qemu.readthedocs.io/en/latest/system/i386/microvm.html
https://www.kraxel.org/blog/2020/10/qemu-microvm-acpi/

design issues
-------------

Not fully clear yet how to do hardware detection best.  Right now
using device tree to find virtio-mmio devices and pcie host bridge,
can reuse existing ArmVirtPkg code that way.  Needs patched QEMU.

features
--------
 [working] serial console
 [working] direct kernel boot
 [working] virtio-mmio support
 [in progress] pcie support

known limitations
-----------------
 * rtc=on is required for now.
 * can't use separate code/vars (actually an microvm limitation,
   there is no pflash support).
 * transitional virtio-pci devices do not work.  microvm doesn't
   support ioports on pcie, and ovmf doesn't initialize pcie devices
   with ioports if there is no address space for them (even though
   pcie devices are required to be functional without ioports).

usage
-----
qemu-system-x86_64 \
    -nographic \
    -machine microvm,acpi=on,pit=off,pic=off,rtc=on \
    -bios /path/to/MICROVM.fd \
    [ ... more args here ... ]