NOISSUE - Add SEV-SNP support for kernel 6.11 (#298)
committed by
GitHub
parent
f6a93fe2a1
commit
6f747190b9
+25
-27
@@ -131,16 +131,16 @@ func (config Config) ConstructQemuArgs() []string {
|
||||
config.MemoryConfig.Slots,
|
||||
config.MemoryConfig.Max))
|
||||
|
||||
// OVMF
|
||||
args = append(args, "-drive",
|
||||
fmt.Sprintf("if=%s,format=%s,unit=%d,file=%s,readonly=%s",
|
||||
config.OVMFCodeConfig.If,
|
||||
config.OVMFCodeConfig.Format,
|
||||
config.OVMFCodeConfig.Unit,
|
||||
config.OVMFCodeConfig.File,
|
||||
config.OVMFCodeConfig.ReadOnly))
|
||||
if !config.EnableSEVSNP {
|
||||
// OVMF
|
||||
args = append(args, "-drive",
|
||||
fmt.Sprintf("if=%s,format=%s,unit=%d,file=%s,readonly=%s",
|
||||
config.OVMFCodeConfig.If,
|
||||
config.OVMFCodeConfig.Format,
|
||||
config.OVMFCodeConfig.Unit,
|
||||
config.OVMFCodeConfig.File,
|
||||
config.OVMFCodeConfig.ReadOnly))
|
||||
|
||||
if !config.KernelHash {
|
||||
args = append(args, "-drive",
|
||||
fmt.Sprintf("if=%s,format=%s,unit=%d,file=%s",
|
||||
config.OVMFVarsConfig.If,
|
||||
@@ -165,27 +165,19 @@ func (config Config) ConstructQemuArgs() []string {
|
||||
|
||||
args = append(args, "-device", fmt.Sprintf("vhost-vsock-pci,id=%s,guest-cid=%d", config.VSockConfig.ID, config.VSockConfig.GuestCID))
|
||||
|
||||
if config.EnableSEVSNP {
|
||||
args = append(args, "-object",
|
||||
fmt.Sprintf("memory-backend-memfd-private,id=%s,size=%s,share=true",
|
||||
config.MemID,
|
||||
config.MemoryConfig.Size))
|
||||
args = append(args, "-machine",
|
||||
fmt.Sprintf("memory-backend=%s,kvm-type=protected",
|
||||
config.MemID))
|
||||
}
|
||||
|
||||
args = append(args, "-kernel", config.DiskImgConfig.KernelFile)
|
||||
args = append(args, "-append", strconv.Quote(KernelCommandLine))
|
||||
args = append(args, "-initrd", config.DiskImgConfig.RootFsFile)
|
||||
|
||||
// SEV
|
||||
if config.EnableSEV || config.EnableSEVSNP {
|
||||
sevType := "sev-guest"
|
||||
kernelHash := ""
|
||||
hostData := ""
|
||||
|
||||
args = append(args, "-machine",
|
||||
fmt.Sprintf("confidential-guest-support=%s,memory-backend=%s",
|
||||
config.SevConfig.ID,
|
||||
config.MemID))
|
||||
|
||||
if config.EnableSEVSNP {
|
||||
args = append(args, "-bios", config.OVMFCodeConfig.File)
|
||||
sevType = "sev-snp-guest"
|
||||
|
||||
if config.SevConfig.HostData != "" {
|
||||
@@ -194,9 +186,14 @@ func (config Config) ConstructQemuArgs() []string {
|
||||
}
|
||||
|
||||
if config.KernelHash {
|
||||
kernelHash = ",discard=none,kernel-hashes=on"
|
||||
kernelHash = ",kernel-hashes=on"
|
||||
}
|
||||
|
||||
args = append(args, "-object",
|
||||
fmt.Sprintf("memory-backend-memfd,id=%s,size=%s,share=true,prealloc=false",
|
||||
config.MemID,
|
||||
config.MemoryConfig.Size))
|
||||
|
||||
args = append(args, "-object",
|
||||
fmt.Sprintf("%s,id=%s,cbitpos=%d,reduced-phys-bits=%d%s%s",
|
||||
sevType,
|
||||
@@ -205,11 +202,12 @@ func (config Config) ConstructQemuArgs() []string {
|
||||
config.SevConfig.ReducedPhysBits,
|
||||
kernelHash,
|
||||
hostData))
|
||||
|
||||
args = append(args, "-machine",
|
||||
fmt.Sprintf("memory-encryption=%s", config.SevConfig.ID))
|
||||
}
|
||||
|
||||
args = append(args, "-kernel", config.DiskImgConfig.KernelFile)
|
||||
args = append(args, "-append", strconv.Quote(KernelCommandLine))
|
||||
args = append(args, "-initrd", config.DiskImgConfig.RootFsFile)
|
||||
|
||||
// display
|
||||
if config.NoGraphic {
|
||||
args = append(args, "-nographic")
|
||||
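Review bot: The guard `if !config.KernelHash {` around the OVMF_VARS `-drive` appears to be dropped in the first hunk, so a plain SEV guest (`EnableSEV` without `EnableSEVSNP`) started with `KernelHash` now gets the writable vars pflash attached, where the previous code left it out. That variable store is host-writable state and, as far as I know, is not covered by the SEV launch measurement, so it sits outside what `kernel-hashes=on` is meant to pin down. If excluding the pflash drives for SNP is the only intended change, keep the inner check inside the new `if !config.EnableSEVSNP {` block, i.e. wrap the OVMFVarsConfig append in `if !config.KernelHash { ... }` again. The visible test updates exercise only the `sev-snp-guest` case, so a test for SEV with `KernelHash` asserting that no OVMF_VARS drive is emitted would lock this in. The page has lost its `+`/`-` markers, so which side each line belongs to is inferred from the hunk counts, and ConstructQemuArgs continues outside the hunks.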
|
||||
@@ -141,18 +141,16 @@ func TestConstructQemuArgs(t *testing.T) {
|
||||
"-cpu", "EPYC",
|
||||
"-smp", "4,maxcpus=64",
|
||||
"-m", "2048M,slots=5,maxmem=30G",
|
||||
"-drive", "if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE.fd,readonly=on",
|
||||
"-drive", "if=pflash,format=raw,unit=1,file=/usr/share/OVMF/OVMF_VARS.fd",
|
||||
"-netdev", "user,id=vmnic,hostfwd=tcp::7020-:7002",
|
||||
"-device", "virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,addr=0x2,romfile=",
|
||||
"-device", "vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=3",
|
||||
"-object", "memory-backend-memfd-private,id=ram1,size=2048M,share=true",
|
||||
"-machine", "memory-backend=ram1,kvm-type=protected",
|
||||
"-machine", "confidential-guest-support=sev0,memory-backend=ram1",
|
||||
"-bios", "/usr/share/OVMF/OVMF_CODE.fd",
|
||||
"-object", "memory-backend-memfd,id=ram1,size=2048M,share=true,prealloc=false",
|
||||
"-object", "sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1",
|
||||
"-kernel", "img/bzImage",
|
||||
"-append", "\"quiet console=null rootfstype=ramfs\"",
|
||||
"-initrd", "img/rootfs.cpio.gz",
|
||||
"-object", "sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1",
|
||||
"-machine", "memory-encryption=sev0",
|
||||
"-nographic",
|
||||
"-monitor", "pty",
|
||||
},
|
||||
@@ -183,7 +181,7 @@ func TestConstructQemuArgs_KernelHash(t *testing.T) {
|
||||
result := config.ConstructQemuArgs()
|
||||
|
||||
expected := "-object"
|
||||
expectedValue := "sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,discard=none,kernel-hashes=on"
|
||||
expectedValue := "sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,kernel-hashes=on"
|
||||
|
||||
found := false
|
||||
for i, arg := range result {
|
||||
|
||||