diff options
| author | Chao Peng <chao.p.peng@linux.intel.com> | 2025-05-08 10:59:22 -0400 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2025-05-28 19:01:41 +0200 |
| commit | 0dd5fe5ebeabefc7b3d7f043991b1edfe6b8eda9 (patch) | |
| tree | 7b3d3f6fc56563abdd233af1d4938a291f6815f1 | |
| parent | 0e73b843616e52882940ab89e1b0e86e22be2162 (diff) | |
| download | focaccia-qemu-0dd5fe5ebeabefc7b3d7f043991b1edfe6b8eda9.tar.gz focaccia-qemu-0dd5fe5ebeabefc7b3d7f043991b1edfe6b8eda9.zip | |
i386/tdx: load TDVF for TD guest
TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot support pflash device since it doesn't support read-only private memory. Thus load TDVF(OVMF) with -bios option for TDs. Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion for TDVF because it needs to be located at private memory. Also store the MemoryRegion pointer of TDVF since the shared ramblock of it can be discared after it gets copied to private ramblock. Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Link: https://lore.kernel.org/r/20250508150002.689633-17-xiaoyao.li@intel.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| -rw-r--r-- | hw/i386/x86-common.c | 6 | ||||
| -rw-r--r-- | target/i386/kvm/tdx.c | 6 | ||||
| -rw-r--r-- | target/i386/kvm/tdx.h | 3 |
3 files changed, 14 insertions, 1 deletions
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 1b0671c523..b1b5f11e73 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -44,6 +44,7 @@ #include "standard-headers/asm-x86/bootparam.h" #include CONFIG_DEVICES #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" #ifdef CONFIG_XEN_EMU #include "hw/xen/xen.h" @@ -1035,11 +1036,14 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, if (machine_require_guest_memfd(MACHINE(x86ms))) { memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); + if (is_tdx_vm()) { + tdx_set_tdvf_region(&x86ms->bios); + } } else { memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); } - if (sev_enabled()) { + if (sev_enabled() || is_tdx_vm()) { /* * The concept of a "reset" simply doesn't exist for * confidential computing guests, we have to destroy and diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 93a16a1aaa..0f5acbf980 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -137,6 +137,12 @@ static int get_tdx_capabilities(Error **errp) return 0; } +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) +{ + assert(!tdx_guest->tdvf_mr); + tdx_guest->tdvf_mr = tdvf_mr; +} + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { TdxGuest *tdx = TDX_GUEST(cgs); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index d39e733d9f..b73461b8d8 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -30,6 +30,8 @@ typedef struct TdxGuest { char *mrconfigid; /* base64 encoded sha348 digest */ char *mrowner; /* base64 encoded sha348 digest */ char *mrownerconfig; /* base64 encoded sha348 digest */ + + MemoryRegion *tdvf_mr; } TdxGuest; #ifdef CONFIG_TDX @@ -39,5 +41,6 @@ bool is_tdx_vm(void); #endif /* CONFIG_TDX */ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); #endif /* QEMU_I386_TDX_H */ |