tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/OvmfPkg/Microvm
History
Michael Roth f0ed194236 OvmfPkg: Don't make APIC MMIO accesses with encryption bit set 
For the most part, OVMF will clear the encryption bit for MMIO regions,
but there is currently one known exception during SEC when the APIC
base address is accessed via MMIO with the encryption bit set for
SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special
handling on the hypervisor side which may not be available in the
future[1], so make the necessary changes in the SEC-configured page
table to clear the encryption bit for 4K region containing the APIC
base address.

[1] https://lore.kernel.org/lkml/20240208002420.34mvemnzrwwsaesw@amd.com/#t

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
 		2024-05-02 12:43:50 +00:00
..
MicrovmX64.dsc Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services 2024-04-17 18:30:03 +00:00
MicrovmX64.fdf OvmfPkg: Don't make APIC MMIO accesses with encryption bit set 2024-05-02 12:43:50 +00:00
README OvmfPkg/Microvm/pcie: add pcie support 2022-06-03 09:06:44 +00:00

README

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.


This is an *experimental* port of OVMF for the QEMU microvm
machine type.

microvm background info
-----------------------

microvm is designed for modern, virtio-based workloads.  Most legacy
lpc/isa devices like pit and pic can be turned off.  virtio-mmio
(i.e. '-device virtio-{blk,net,scsi,...}-device') is used for
storage/network/etc.

Optional pcie support is available and any pcie device supported by
QEMU can be plugged in (including virtio-pci if you prefer that over
virtio-mmio).

https://qemu.readthedocs.io/en/latest/system/i386/microvm.html
https://www.kraxel.org/blog/2020/10/qemu-microvm-acpi/

design issues
-------------

Not fully clear yet how to do hardware detection best.  Right now
using device tree to find virtio-mmio devices and pcie host bridge,
can reuse existing ArmVirtPkg code that way.  Needs patched QEMU.

features
--------
 [working] serial console
 [working] direct kernel boot
 [working] virtio-mmio support
 [working] pcie support

known limitations
-----------------
 * rtc=on is required for now.
 * can't use separate code/vars (actually an microvm limitation,
   there is no pflash support).
 * transitional virtio-pci devices do not work.  microvm doesn't
   support ioports on pcie, and ovmf doesn't initialize pcie devices
   with ioports if there is no address space for them (even though
   pcie devices are required to be functional without ioports).

usage
-----
qemu-system-x86_64 \
    -nographic \
    -machine microvm,acpi=on,pit=off,pic=off,rtc=on \
    -bios /path/to/MICROVM.fd \
    [ ... more args here ... ]