Add TDP support for IGVM

backends/confidential-guest-support.c

@@ -68,6 +68,17 @@ static int set_guest_state(hwaddr gpa, uint8_t *ptr, uint64_t len,
     return -1;
 }
 
+static int set_guest_policy(ConfidentialGuestPolicyType policy_type,
+                            uint64_t policy,
+                            void *policy_data1, uint32_t policy_data1_size,
+                            void *policy_data2, uint32_t policy_data2_size,
+                            Error **errp)
+{
+    error_setg(errp,
+               "Setting confidential guest policy is not supported for this platform");
+    return -1;
+}
+
 static int get_mem_map_entry(int index, ConfidentialGuestMemoryMapEntry *entry,
                              Error **errp)
 {
@@ -77,12 +88,22 @@ static int get_mem_map_entry(int index, ConfidentialGuestMemoryMapEntry *entry,
     return -1;
 }
 
+static int memory_is_shared(Error **errp)
+{
+    error_setg(
+        errp,
+        "Shared/private pages are not supported for this platform");
+    return -1;
+}
+
 static void confidential_guest_support_init(Object *obj)
 {
     ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
     cgs->check_support = check_support;
     cgs->set_guest_state = set_guest_state;
+    cgs->set_guest_policy = set_guest_policy;
     cgs->get_mem_map_entry = get_mem_map_entry;
+    cgs->memory_is_shared = memory_is_shared;
 }
 
 static void confidential_guest_support_finalize(Object *obj)

hw/i386/pc_sysfw.c

@@ -231,13 +231,8 @@ void pc_system_firmware_init(PCMachineState *pcms,
     }
 
     if (!pflash_blk[0]) {
-        /*
-         * Machine property pflash0 not set, use ROM mode unless using IGVM,
-         * in which case the firmware must be provided by the IGVM file.
-         */
-        if (!cgs_is_igvm(MACHINE(pcms)->cgs)) {
-            x86_bios_rom_init(MACHINE(pcms), "bios.bin", pcms->firmware2, rom_memory, false);
-        }
+        /* Machine property pflash0 not set, use ROM mode */
+        x86_bios_rom_init(MACHINE(pcms), "bios.bin", pcms->firmware2, rom_memory, false);
     } else {
         if (kvm_enabled() && !kvm_readonly_mem_enabled()) {
             /*

hw/i386/tdvf.c

@@ -101,16 +101,7 @@ static TdvfMetadata *tdvf_get_metadata(TdxFirmware *fw, void *flash_ptr, int siz
     return metadata;
 }
 
-static int tdvf_parse_and_check_section_entry(const TdvfSectionEntry *src,
-                                              TdxFirmwareEntry *entry)
-{
-    entry->data_offset = le32_to_cpu(src->DataOffset);
-    entry->data_len = le32_to_cpu(src->RawDataSize);
-    entry->address = le64_to_cpu(src->MemoryAddress);
-    entry->size = le64_to_cpu(src->MemoryDataSize);
-    entry->type = le32_to_cpu(src->Type);
-    entry->attributes = le32_to_cpu(src->Attributes);
-
+static int check_entry(TdxFirmwareEntry *entry) {
     /* sanity check */
     if (entry->size < entry->data_len) {
         error_report("Broken metadata RawDataSize 0x%x MemoryDataSize 0x%lx",
@@ -152,6 +143,19 @@ static int tdvf_parse_and_check_section_entry(const TdvfSectionEntry *src,
     return 0;
 }
 
+static int tdvf_parse_and_check_section_entry(const TdvfSectionEntry *src,
+                                              TdxFirmwareEntry *entry)
+{
+    entry->data_offset = le32_to_cpu(src->DataOffset);
+    entry->data_len = le32_to_cpu(src->RawDataSize);
+    entry->address = le64_to_cpu(src->MemoryAddress);
+    entry->size = le64_to_cpu(src->MemoryDataSize);
+    entry->type = le32_to_cpu(src->Type);
+    entry->attributes = le32_to_cpu(src->Attributes);
+
+    return check_entry(entry);
+}
+
 int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size)
 {
     TdvfSectionEntry *sections;
@@ -230,3 +234,25 @@ int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size)
     g_free(fw->entries);
     return -EINVAL;
 }
+
+int tdvf_initialize_igvm(TdxFirmware *fw)
+{
+    /* IGVM will be processed in cgs_process_igvm() */
+    fw->nr_entries = 0;
+    fw->entries = NULL;
+    /* Use absolute addressing */
+    fw->mem_ptr = 0;
+    return 0;
+}
+
+int tdvf_add_metadata(TdxFirmware *fw, TdxFirmwareEntry *entry)
+{
+    TdxFirmwareEntry *e;
+
+    fw->entries = g_renew(TdxFirmwareEntry, fw->entries, ++fw->nr_entries);
+
+    e = &fw->entries[fw->nr_entries - 1];
+    *e = *entry;
+
+    return check_entry(e);
+}

hw/i386/x86.c

@@ -1144,6 +1144,14 @@ void x86_bios_rom_init(MachineState *ms, const char *default_firmware,
     int bios_size, bios2_size = 0, isa_bios_size;
     ssize_t ret;
 
+    if (cgs_is_igvm(ms->cgs)) {
+        /* When using IGVM, the firmware must be provided by the IGVM file */
+        if (is_tdx_vm()) {
+            tdx_initialize_igvm();
+        }
+        return;
+    }
+
     /* BIOS load */
     bios_name = ms->firmware ?: default_firmware;
     filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);

include/exec/confidential-guest-support.h

@@ -41,6 +41,7 @@ typedef enum ConfidentialGuestPlatformType {
     CGS_PLATFORM_SEV,
     CGS_PLATFORM_SEV_ES,
     CGS_PLATFORM_SEV_SNP,
+    CGS_PLATFORM_TDP,
 } ConfidentialGuestPlatformType;
 
 typedef enum ConfidentialGuestMemoryType {
@@ -67,6 +68,10 @@ typedef enum ConfidentialGuestPageType {
     CGS_PAGE_TYPE_REQUIRED_MEMORY,
 } ConfidentialGuestPageType;
 
+typedef enum ConfidentialGuestPolicyType {
+    GUEST_POLICY_SEV,
+} ConfidentialGuestPolicyType;
+
 struct ConfidentialGuestSupport {
     Object parent;
 
@@ -135,6 +140,23 @@ struct ConfidentialGuestSupport {
                            ConfidentialGuestPageType memory_type,
                            uint16_t cpu_index, Error **errp);
 
+    /*
+     * Set the guest policy. The policy can be used to configure the
+     * confidential platform, such as if debug is enabled or not and can contain
+     * information about expected launch measurements, signed verification of
+     * guest configuration and other platform data.
+     *
+     * The format of the policy data is specific to each platform. For example,
+     * SEV-SNP uses a policy bitfield in the 'policy' argument and provides an
+     * ID block and ID authentication in the 'policy_data' parameters. The type
+     * of policy data is identified by the 'policy_type' argument.
+     */
+    int (*set_guest_policy)(ConfidentialGuestPolicyType policy_type,
+                            uint64_t policy,
+                            void *policy_data1, uint32_t policy_data1_size,
+                            void *policy_data2, uint32_t policy_data2_size,
+                            Error **errp);
+
     /*
      * Iterate the system memory map, getting the entry with the given index
      * that can be populated into guest memory.
@@ -143,6 +165,13 @@ struct ConfidentialGuestSupport {
      */
     int (*get_mem_map_entry)(int index, ConfidentialGuestMemoryMapEntry *entry,
                              Error **errp);
+
+    /*
+     * Returns 1 if memory pages start as shared pages.
+     * Returns 0 if memory pages start as private pages.
+     * Returns -1 on error.
+     */
+    int (*memory_is_shared)(Error **errp);
 };
 
 typedef struct ConfidentialGuestSupportClass {

include/hw/i386/tdvf.h

@@ -33,7 +33,7 @@
 #define TDVF_SECTION_ATTRIBUTES_PAGE_AUG    (1U << 1)
 
 typedef struct TdxFirmwareEntry {
-    uint32_t data_offset;
+    uint64_t data_offset;
     uint32_t data_len;
     uint64_t address;
     uint64_t size;
@@ -56,5 +56,7 @@ typedef struct TdxFirmware {
     for (e = (fw)->entries; e != (fw)->entries + (fw)->nr_entries; e++)
 
 int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size);
+int tdvf_initialize_igvm(TdxFirmware *fw);
+int tdvf_add_metadata(TdxFirmware *fw, TdxFirmwareEntry *entry);
 
 #endif /* HW_I386_TDVF_H */

qapi/qom.json

@@ -998,6 +998,7 @@
 # Since: 9.0
 ##
 { 'struct': 'TdxGuestProperties',
+  'base': 'ConfidentialGuestProperties',
   'data': { '*sept-ve-disable': 'bool',
             '*mrconfigid': 'str',
             '*mrowner': 'str',

target/i386/kvm/tdx-stub.c

@@ -12,6 +12,11 @@ int tdx_parse_tdvf(void *flash_ptr, int size)
     return -EINVAL;
 }
 
+int tdx_initialize_igvm(void)
+{
+    return -EINVAL;
+}
+
 int tdx_handle_exit(X86CPU *cpu, struct kvm_tdx_exit *tdx_exit)
 {
     return -EINVAL;