Include SVSM module as a payload in OVMF firmware image #33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
osteffenrh
reviewed
May 10, 2023
Add .vscode/settings.json that correctly configures the vscode Rust analyzer and ignores git repositories for all submodules to improve developer experience for people using vscode. Signed-off-by: Roy Hopkins <[email protected]>
COCONUT-SVSM requires a build of OVMF that supports booting via an SVSM module. A default OVMF X64 firmware does not include this capability. Therefore, rather than instructing the developer how to clone and prepare a build of EDK2/OVMF, this patch adds the correct EDK2 repository and branch as a submodule and builds it as part of the SVSM makefile. Signed-off-by: Roy Hopkins <[email protected]>
COCONUT-SVSM currently exclusively launches guests under OVMF. However, we should not assume this will always be the case. With this in mind, and also to prepare for integrating the SVSM build with OVMF the current OVMF specific code has been refactored into a module to abstract specific steps away from svsm.rs. If another guest firmware is required in the future, it will be quite simple to create a trait from the ovmf_fw/OvmfFw structure to limit any changes required to the main SVSM module. Signed-off-by: Roy Hopkins <[email protected]>
|
Closing this draft PR now pending future discussions on strategies for building and packaging the SVSM and firmware. I'll retain the branch for future reference. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current svsm module needs to be loaded as a separate pflash image where QEMU detects the svsm pflash, reads the metadata and launches the module using a 32-bit entry point at offset 0 of the image. This PR introduces changes that combine the firmware images for OVMF and the svsm module as well as reorganising the entry points to simplify the configuration of the VM as well as allow removal of some boilerplate in QEMU.
The major changes introduced are:
With these changes, it is possible to revert some of the boilerplate added to QEMU detect and launch the SVSM.
Please note that the final commit in the series switches to using the OvmfSvsmX64 package. This is currently in an active PR (coconut-svsm/edk2#1) and has not yet been merged so in order to successfully build the code for this PR you will need to checkout the relevant code from that EDK2 PR branch. Hence this PR is marked as draft until that code is merged.