svsm: Combine SVSM and OVMF into single fw image

Builds the EDK2 submodule using the OvmfSvsmX64 package, which was added to the SVSM EDK2 branch. This package takes the output of the COCONUT-SVSM build in svsm.bin and adds it as a payload within the OVMF_CODE.fd fimware image, restructuring the reset vector and VTF metadata to support booting SVSM first followed by OVMF. This commit updates the OVMF build scripts to use the new OVMF package as well as updating the expected location of the OVMF metadata. The documentation is also updated to reflect these changes. Signed-off-by: Roy Hopkins <[email protected]>
coconut-svsm · May 10, 2023 · f5bc0db · f5bc0db
1 parent 7babdb9
commit f5bc0db
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 16 deletions.
diff --git a/INSTALL.md b/INSTALL.md
@@ -171,9 +171,13 @@ $ make RELEASE=1
 
 to build the SVSM with the release target. 
 
-In addition, the special version of OVMF that supports COCONUT-SVSM will be
-built. The firmware volumes for debug and release can be found in their
-respective directories: 
+
+When the build is finished there will be the file ```svsm.bin``` in the
+top-directory of the repository. This contains the binary image for the SVSM
+module. However, the makefile also builds a firmware volume that contains the
+SVSM module embedded alongside the special build of OVMF. This firmware volume is
+the file which needs to be passed to QEMU. The firmware volumes for debug and
+release can be found in their respective directories:
 
 ```
 $ cp ovmf/debug/* /path/to/firmware/
@@ -210,13 +214,13 @@ run SEV-SNP guests. An ```sev-snp-guest``` object needs to be defined to
 enable SEV-SNP protection for the guest. The 'svsm=on' parameter makes
 QEMU reserve a small amount of guest memory for the SVSM.
 
-Further, the OVMF binaries and the SVSM binary need to be passed to
-QEMU. This happens via pflash drives:
+Further, the OVMF binaries with embedded SVSM binary need to be passed to
+QEMU. This happens via pflash drives where the standard OVMF firmware is
+replaced with the version built using the COCONUT-SVSM Makefile:
 
 ```
   -drive if=pflash,format=raw,unit=0,file=/path/to/firmware/OVMF_CODE.fd,readonly=on \
   -drive if=pflash,format=raw,unit=1,file=/path/to/firmware/OVMF_VARS.fd,snapshot=on \
-  -drive if=pflash,format=raw,unit=2,file=/path/to/svsm/svsm.bin,readonly=on \
 ```
 
 With these extensions QEMU will launch an SEV-SNP protected guest with
@@ -235,7 +239,6 @@ $ sudo $HOME/bin/qemu-svsm/bin/qemu-system-x86_64 \
   -no-reboot \
   -drive if=pflash,format=raw,unit=0,file=/path/to/firmware/OVMF_CODE.fd,readonly=on \
   -drive if=pflash,format=raw,unit=1,file=/path/to/firmware/OVMF_VARS.fd,snapshot=on \
-  -drive if=pflash,format=raw,unit=2,file=/path/to/svsm/svsm.bin,readonly=on \
   -netdev user,id=vmnic -device e1000,netdev=vmnic,romfile= \
   -drive file=/path/to/guest/image.qcow2,if=none,id=disk0,format=qcow2,snapshot=off \
   -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=on \

diff --git a/Makefile b/Makefile
@@ -2,13 +2,13 @@ ifdef RELEASE
 TARGET_PATH="release"
 CARGO_ARGS="--release"
 OVMF_BUILD_ARGS=
-OVMF_BUILD_DIR=edk2/Build/OvmfX64/RELEASE_GCC5/FV
+OVMF_BUILD_DIR=edk2/Build/OvmfSvsmX64/RELEASE_GCC5/FV
 OVMF_OUTPUT_DIR=ovmf/release
 else
 TARGET_PATH="debug"
 CARGO_ARGS=
 OVMF_BUILD_ARGS=debug
-OVMF_BUILD_DIR=edk2/Build/OvmfX64/DEBUG_GCC5/FV
+OVMF_BUILD_DIR=edk2/Build/OvmfSvsmX64/DEBUG_GCC5/FV
 OVMF_OUTPUT_DIR=ovmf/debug
 endif
 

diff --git a/README.md b/README.md
@@ -64,8 +64,6 @@ any way:
   * vTPM emulation
 * Attestation support
 * Persistency layer (needed for TPM and others)
-* Carry FW as payload of SVSM to make the SVSM binary a drop-in
-  replacement for the FW when launching QEMU
 * Live migration
 
 Acknowledgments

diff --git a/scripts/build-ovmf.sh b/scripts/build-ovmf.sh
@@ -27,9 +27,9 @@ source edksetup.sh --reconfig >> $LOG_FILE 2>> $LOG_FILE
 
 if [[ $1 == "debug" ]]; then
     echo "Building OVMF(debug). Build output logged to edk2/$LOG_FILE."
-    build -a X64 -b DEBUG -t GCC5 -D DEBUG_ON_SERIAL_PORT -D DEBUG_VERBOSE -p OvmfPkg/OvmfPkgX64.dsc >> $LOG_FILE 2>> $LOG_FILE
+    build -a X64 -b DEBUG -t GCC5 -D DEBUG_ON_SERIAL_PORT -D DEBUG_VERBOSE -D SVSM_MODULE_FILE=../svsm.bin -p OvmfPkg/OvmfPkgSvsmX64.dsc >> $LOG_FILE 2>> $LOG_FILE
 else
     echo "Building OVMF(release). Build output logged to edk2/$LOG_FILE."
-    build -a X64 -b RELEASE -t GCC5 -p OvmfPkg/OvmfPkgX64.dsc >> $LOG_FILE 2>> $LOG_FILE
+    build -a X64 -b RELEASE -t GCC5 -D SVSM_MODULE_FILE=../svsm.bin -p OvmfPkg/OvmfPkgSvsmX64.dsc >> $LOG_FILE 2>> $LOG_FILE
 fi
 popd
diff --git a/src/ovmf/ovmf_fw.rs b/src/ovmf/ovmf_fw.rs
@@ -12,7 +12,12 @@ use crate::error::SvsmError;
 
 use super::{SevOVMFMetaData, parse_ovmf_meta_data, print_ovmf_meta, validate_ovmf_memory};
 
-const OVMF_ENTRY : u64 = 0xfffffff0;
+/*
+ * The EDK2 OvmfSvsmX64 platform creates a reset vector with the entry point and metadata
+ * for the SVSM module at 4K below 4GB and the OVMF entry point and metadata at 8K below
+ * 4GB.
+*/
+const OVMF_ENTRY : u64 = 0xffffeff0;
 
 pub struct OvmfFw {
     ovmf_meta: SevOVMFMetaData

diff --git a/src/ovmf/ovmf_meta.rs b/src/ovmf/ovmf_meta.rs
@@ -23,9 +23,10 @@ use core::mem;
 use core::str::FromStr;
 
 /*
- * OVMF metadata is in the 4K page below 4GB
+ * First page below 4GB contains SVSM metadata. Second page
+ * below 4GB contains OVMF metadata.
  */
-const OVMF_METADATA_PHYS: u64 = (4 * SIZE_1G as u64) - (1 * PAGE_SIZE as u64);
+const OVMF_METADATA_PHYS: u64 = (4 * SIZE_1G as u64) - (2 * PAGE_SIZE as u64);
 
 #[derive(Copy, Clone)]
 pub struct SevPreValidMem {