[PATCH 0/1] RFC: Add Arm CCA support for getting capability information and running Realm VM
Hi, all.
- This patch adds Arm CCA support to qemu driver for aarch64 system.
CCA is an abbreviation for Arm Confidential Compute Architecture feature,
it enhances the virtualization capabilities of the platform by separating
the management of resources from access to those resources.
- We are not yet at the stage where we can merge this patch as host
linux/qemu suppor is no yet merged, but I would like to receive reviews
and comments on the overall direction.
[summary]
- At this stage, all you can do is getting the CCA capability with the virsh
domcapabilities command and start the CCA VM with the virsh create command.
- capability info uses qemu QMP to query qemu options. The option that
exists now is for selecting a hash algorithm.
[Capability example]
- Execution results of 'virsh domcapability" on qemu
<domaincapabilities>
...
<features>
...
</sgx>
<cca supported='yes'>
<enum name='measurement-algo'>
<value>sha256</value>
<value>sha512</value>
</enum>
</cca>
<hyperv supported='yes'>
...
</features>
</domaincapabilities>
[XML example]
<domain>
...
<launchsecurity type='cca'>
<measurement-algo>sha256</measurement-algo>
</launchsecurity>
...
</domain>
[limitations/tests]
- To obtain capability info, it is necessary to support the qemu QMP command,
which qemu does not yet support. Therefore, I put a hack in the code at
hand and only confirmed the communication. Also, I think we should check
whether CPUFW supports CCA or not in qemu_firmware.c, but it is not yet
implemented.
- Verified that the CCA VM can be started from virsh create command.
[software version]
- I followed the steps in Linaro's blog below.
https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+...
- The Qemu used was based on Linaro's qemu(9.1.91).
https://git.codelinaro.org/linaro/dcap/qemu/-/tree/cca/v3?ref_type=heads
Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com>
Best Regards.
Akio Kakuno (1):
RFC: Add Arm CCA support for getting capability information and
running Realm VM
docs/formatdomain.rst | 28 ++++++
docs/formatdomaincaps.rst | 26 ++++-
src/conf/domain_capabilities.c | 41 ++++++++
src/conf/domain_capabilities.h | 12 +++
src/conf/domain_conf.c | 13 +++
src/conf/domain_conf.h | 7 ++
src/conf/schemas/domaincaps.rng | 14 +++
src/conf/schemas/domaincommon.rng | 14 +++
src/conf/virconftypes.h | 2 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 156 ++++++++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_cgroup.c | 2 +
src/qemu/qemu_command.c | 32 ++++++
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_monitor.c | 10 ++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 104 ++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 2 +
src/qemu/qemu_process.c | 4 +
src/qemu/qemu_validate.c | 7 ++
22 files changed, 487 insertions(+), 1 deletion(-)
--
2.34.1