On Wed, Dec 25, 2024 at 09:01:32AM +0000, Akio Kakuno wrote:
- This patch adds Arm CCA support to qemu driver for aarch64 system.
CCA is an abbreviation for Arm Confidential Compute Architecture feature,
it enhances the virtualization capabilities of the platform by separating
the management of resources from access to those resources.
[summary]
- At this stage, all you can do is get the CCA capability with the virsh
domcapabilities command and start the CCA VM with the virsh create command.
[Capability example]
- Execution results of 'virsh domcapabilities' on qemu
<domaincapabilities>
  ...
  <features>
    ...
    </sgx>
    <cca supported='yes'>
      <enum name='measurement-algo'>
        <value>sha256</value>
        <value>sha512</value>
      </enum>
    </cca>
    <hyperv supported='yes'>
    ...
  </features>
</domaincapabilities>
[XML example]
<domain>
  ...
  <launchsecurity type='cca'>
    <measurement-algo>sha256</measurement-algo>
  </launchsecurity>
  ...
</domain>
Signed-off-by: Akio Kakuno <fj3333bs(a)fujitsu.com>
---
docs/formatdomain.rst | 28 ++++++
docs/formatdomaincaps.rst | 26 ++++-
src/conf/domain_capabilities.c | 41 ++++++++
src/conf/domain_capabilities.h | 12 +++
src/conf/domain_conf.c | 13 +++
src/conf/domain_conf.h | 7 ++
src/conf/schemas/domaincaps.rng | 14 +++
src/conf/schemas/domaincommon.rng | 14 +++
src/conf/virconftypes.h | 2 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_capabilities.c | 156 ++++++++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_cgroup.c | 2 +
src/qemu/qemu_command.c | 32 ++++++
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_monitor.c | 10 ++
src/qemu/qemu_monitor.h | 3 +
src/qemu/qemu_monitor_json.c | 104 ++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 4 +
src/qemu/qemu_namespace.c | 2 +
src/qemu/qemu_process.c | 4 +
src/qemu/qemu_validate.c | 7 ++
22 files changed, 487 insertions(+), 1 deletion(-)
This ought to be split up into some separate parts.
* capabilities XML schema support
* domain XML schema support
* QEMU implementation for capabilities
* QEMU implementation for launching VMs
Also the domain XML schema additions should get a test case
added to qemuconftest.
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3253a28e5a..08e0abf0f3 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -9040,6 +9040,34 @@ The ``<launchSecurity/>`` element then accepts the following
child elements:
the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI.
+The contents of the ``<launchSecurity type='cca'>`` element is used to
create
+RealmVM using the Arm CCA feature (Confidential Compute Architecture).
+CCA :since:`Since 10.9.0` enhances the virtualization capabilities of the
Will be 11.1.0 at the earliest now, but I presume delays on
the QEMU side are going to hold us up from merging a good
while longer than that.
+platform by separating the management of resources from access to
those resources.
+This is achieved by extending the TrustZone of Cortex-A's Normal and Secure
+world concepts and adding the Realm world and the underlying Root world.
+The Secure Monitor runs in the root world and manages the transition between
+these security states. For more information see the Learn the architecture -
+Arm Confidential Compute Architecture software stack:
+`<https://developer.arm.com/documentation/den0127/latest>`__
+
+::
+
+ <domain>
+ ...
+ <launchSecurity type='cca'>
+ <measurement-algo>sha256</measurement-algo>
+ </launchSecurity>
+ ...
+ </domain>
+
+The ``<launchSecurity/>`` element accepts the following attributes:
+
+``measurement-algo``
+ The optional ``measurement-algo`` element determines algorithm used to
+ describe blob hashes.
+
+
Example configs
===============
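Review bot: the ``measurement-algo`` entry is introduced with "The ``<launchSecurity/>`` element accepts the following attributes:", but the example just above shows it as a child element, not an attribute; change that lead-in to "child elements" and expand "determines algorithm used to describe blob hashes" so it names which values are accepted (the domcapabilities output in the cover letter reports sha256 and sha512) and what is measured, otherwise a reader cannot tell what the element controls. Also "The contents of the ... element is used to create" should read "are used to create".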
diff --git a/src/conf/domain_capabilities.c
b/src/conf/domain_capabilities.c
index cf40d798e5..0a79fc0279 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -90,6 +90,19 @@ virSGXCapabilitiesFree(virSGXCapability *cap)
}
+void
+virCCACapabilitiesFree(virCCACapability *cap)
+{
+ if (!cap)
+ return;
+
+ if (cap->ccaMeasurementAlgo)
+ g_free(cap->ccaMeasurementAlgo);
ccaMeasurementAlgo is an array of strings, so this frees the
array but leaks the strings.
+
+ g_free(cap);
+}
+
+
static void
virDomainCapsDispose(void *obj)
{
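Review bot: the free function releases only the array, not its elements, so every string in ccaMeasurementAlgo leaks; using the nCcaMeasurementAlgo count that the copy function in the later hunk maintains, add `for (i = 0; i < cap->nCcaMeasurementAlgo; i++) g_free(cap->ccaMeasurementAlgo[i]);` before `g_free(cap->ccaMeasurementAlgo);`. The `if (cap->ccaMeasurementAlgo)` guard is redundant, since g_free() accepts NULL.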
@@ -1942,6 +1946,34 @@ virQEMUCapsSGXInfoCopy(virSGXCapability
**dst,
}
+static void
+virQEMUCapsCCAInfoCopy(virCCACapability **dst,
+ virCCACapability *src)
+{
+ g_autoptr(virCCACapability) tmp = NULL;
+ size_t i;
+
+ if (!src) {
+ *dst = NULL;
+ return;
+ }
+
+ tmp = g_new0(virCCACapability, 1);
+
+ tmp->nCcaMeasurementAlgo = src->nCcaMeasurementAlgo;
+
+ if (tmp->nCcaMeasurementAlgo != 0) {
+ tmp->ccaMeasurementAlgo = g_new0(char *, tmp->nCcaMeasurementAlgo);
+
+ for (i=0; i<tmp->nCcaMeasurementAlgo; i++) {
+ tmp->ccaMeasurementAlgo[i] = src->ccaMeasurementAlgo[i];
This is copying the string pointer without duplicating it, which will
cause a double-free if you fix the missing 'free' calls for
virCCACapability I mentioned earlier
+ }
+ }
+
+ *dst = g_steal_pointer(&tmp);
+}
+
+
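Review bot: each element needs a deep copy, `tmp->ccaMeasurementAlgo[i] = g_strdup(src->ccaMeasurementAlgo[i]);`, otherwise the two virCCACapability objects share the same strings and whichever is freed second operates on already-freed memory. Two smaller points: the loop header `for (i=0; i<tmp->nCcaMeasurementAlgo; i++)` needs spaces around `=` and `<` to match the surrounding code, and the `g_autoptr(virCCACapability)` declaration relies on a G_DEFINE_AUTOPTR_CLEANUP_FUNC for virCCACapabilitiesFree that is not shown in this hunk, so please confirm it is part of the domain_capabilities.h change listed in the diffstat.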
With regards,
Daniel