Merge pull request #356 from peterfang/dev-igvm-tdp

igvm: initial support for TD Partitioning

Makefile

@@ -40,6 +40,7 @@ C_BIT_POS ?= 51
 
 STAGE1_OBJS = stage1/stage1.o stage1/reset.o
 STAGE1_TEST_OBJS = stage1/stage1-test.o stage1/reset.o
+STAGE1_TRAMPOLINE_OBJS = stage1/stage1-trampoline.o stage1/reset.o
 IGVM_FILES = bin/coconut-qemu.igvm bin/coconut-hyperv.igvm
 IGVMBUILDER = "target/x86_64-unknown-linux-gnu/${TARGET_PATH}/igvmbuilder"
 IGVMBIN = bin/igvmbld
@@ -68,16 +69,16 @@ $(IGVMBUILDER):
 $(IGVMMEASURE):
 	cargo build ${CARGO_ARGS} --target=x86_64-unknown-linux-gnu -p igvmmeasure
 
-bin/coconut-qemu.igvm: $(IGVMBUILDER) $(IGVMMEASURE) bin/svsm-kernel.elf bin/stage2.bin ${FS_BIN}
-	$(IGVMBUILDER) --sort --policy 0x30000 --output $@ --stage2 bin/stage2.bin --kernel bin/svsm-kernel.elf --filesystem ${FS_BIN} ${BUILD_FW} qemu
+bin/coconut-qemu.igvm: $(IGVMBUILDER) $(IGVMMEASURE) bin/stage1-trampoline.bin bin/svsm-kernel.elf bin/stage2.bin ${FS_BIN}
+	$(IGVMBUILDER) --sort --policy 0x30000 --output $@ --tdx-stage1 bin/stage1-trampoline.bin --stage2 bin/stage2.bin --kernel bin/svsm-kernel.elf --filesystem ${FS_BIN} ${BUILD_FW} qemu --snp --tdp
 	$(IGVMMEASURE) --check-kvm $@ measure
 
-bin/coconut-hyperv.igvm: $(IGVMBUILDER)  $(IGVMMEASURE) bin/svsm-kernel.elf bin/stage2.bin
-	$(IGVMBUILDER) --sort --output $@ --stage2 bin/stage2.bin --kernel bin/svsm-kernel.elf --comport 3 hyper-v --native
+bin/coconut-hyperv.igvm: $(IGVMBUILDER) $(IGVMMEASURE) bin/stage1-trampoline.bin bin/svsm-kernel.elf bin/stage2.bin
+	$(IGVMBUILDER) --sort --output $@ --tdx-stage1 bin/stage1-trampoline.bin --stage2 bin/stage2.bin --kernel bin/svsm-kernel.elf --comport 3 hyper-v --native --snp --tdp
 	$(IGVMMEASURE) $@ measure
 
-bin/coconut-test-qemu.igvm: $(IGVMBUILDER)  $(IGVMMEASURE) bin/test-kernel.elf bin/stage2.bin
-	$(IGVMBUILDER) --sort --output $@ --stage2 bin/stage2.bin --kernel bin/test-kernel.elf qemu
+bin/coconut-test-qemu.igvm: $(IGVMBUILDER) $(IGVMMEASURE) bin/stage1-trampoline.bin bin/test-kernel.elf bin/stage2.bin
+	$(IGVMBUILDER) --sort --output $@ --tdx-stage1 bin/stage1-trampoline.bin --stage2 bin/stage2.bin --kernel bin/test-kernel.elf qemu --snp --tdp
 	$(IGVMMEASURE) $@ measure
 
 test:
@@ -107,7 +108,7 @@ utils/print-meta: utils/print-meta.c
 utils/cbit: utils/cbit.c
 	cc -O3 -Wall -o $@ $<
 
-bin/meta.bin: utils/gen_meta utils/print-meta
+bin/meta.bin: utils/gen_meta utils/print-meta bin
 	./utils/gen_meta $@
 
 bin/stage2.bin: bin
@@ -130,14 +131,17 @@ endif
 
 stage1/stage1.o: stage1/stage1.S bin/stage2.bin bin/svsm-fs.bin bin/svsm-kernel.elf bin
 	ln -sf svsm-kernel.elf bin/kernel.elf
-	cc -c -o $@ stage1/stage1.S
+	cc -c -DLOAD_STAGE2 -o $@ $<
 	rm -f bin/kernel.elf
 
 stage1/stage1-test.o: stage1/stage1.S bin/stage2.bin bin/svsm-fs.bin bin/test-kernel.elf bin
 	ln -sf test-kernel.elf bin/kernel.elf
-	cc -c -o $@ stage1/stage1.S
+	cc -c -DLOAD_STAGE2 -o $@ $<
 	rm -f bin/kernel.elf
 
+stage1/stage1-trampoline.o: stage1/stage1.S
+	cc -c -o $@ $<
+
 stage1/reset.o:  stage1/reset.S bin/meta.bin
 
 bin/stage1: ${STAGE1_OBJS}
@@ -146,9 +150,15 @@ bin/stage1: ${STAGE1_OBJS}
 bin/stage1-test: ${STAGE1_TEST_OBJS}
 	$(CC) -o $@ $(STAGE1_TEST_OBJS) -nostdlib -Wl,--build-id=none -Wl,-Tstage1/stage1.lds -no-pie
 
+bin/stage1-trampoline: ${STAGE1_TRAMPOLINE_OBJS}
+	$(CC) -o $@ $(STAGE1_TRAMPOLINE_OBJS) -nostdlib -Wl,--build-id=none -Wl,-Tstage1/stage1.lds -no-pie
+
 bin/svsm.bin: bin/stage1
 	objcopy -O binary $< $@
 
+bin/stage1-trampoline.bin: bin/stage1-trampoline
+	objcopy -O binary $< $@
+
 clippy:
 	cargo clippy --workspace --all-features --exclude svsm-fuzz --exclude igvmbuilder --exclude igvmmeasure -- -D warnings
 	cargo clippy --workspace --all-features --exclude svsm-fuzz --exclude svsm --target=x86_64-unknown-linux-gnu -- -D warnings
@@ -158,7 +168,7 @@ clippy:
 clean:
 	cargo clean
 	rm -f stage1/*.o stage1/*.bin stage1/*.elf
-	rm -f ${STAGE1_OBJS} utils/gen_meta utils/print-meta
+	rm -f utils/gen_meta utils/print-meta
 	rm -rf bin
 
 distclean: clean

bootlib/src/igvm_params.rs

@@ -125,6 +125,15 @@ pub struct IgvmParamBlock {
     /// IGVM file.
     pub firmware: IgvmParamBlockFwInfo,
 
+    /// The number of bytes for the stage1 bootloader
+    pub stage1_size: u32,
+
+    #[doc(hidden)]
+    pub _reserved2: u32,
+
+    /// The guest physical address of the base of the stage1 bootloader
+    pub stage1_base: u64,
+
     /// The amount of space that must be reserved at the base of the kernel
     /// memory region (e.g. for VMSA contents).
     pub kernel_reserved_size: u32,

bootlib/src/platform.rs

@@ -10,12 +10,14 @@
 pub enum SvsmPlatformType {
     Native = 0,
     Snp = 1,
+    Tdp = 2,
 }
 
 impl From<u32> for SvsmPlatformType {
     fn from(value: u32) -> Self {
         match value {
             1 => Self::Snp,
+            2 => Self::Tdp,
             _ => Self::Native,
         }
     }

igvmbuilder/src/cmd_options.rs

@@ -8,6 +8,10 @@ use clap::{Parser, ValueEnum};
 
 #[derive(Parser, Debug)]
 pub struct CmdOptions {
+    /// Optional TDX stage 1 binary file
+    #[arg(long)]
+    pub tdx_stage1: Option<String>,
+
     /// Stage 2 binary file
     #[arg(short, long)]
     pub stage2: String,
@@ -48,6 +52,14 @@ pub struct CmdOptions {
     #[arg(long)]
     pub policy: Option<String>,
 
+    /// Include SEV-SNP platform target
+    #[arg(long, default_value_t = false)]
+    pub snp: bool,
+
+    /// Include TD Partitioning platform target
+    #[arg(long, default_value_t = false)]
+    pub tdp: bool,
+
     /// Include NATIVE platform target
     #[arg(long, default_value_t = false)]
     pub native: bool,

igvmbuilder/src/gpa_map.rs

@@ -11,6 +11,7 @@ use igvm_defs::PAGE_SIZE_4K;
 
 use crate::cmd_options::{CmdOptions, Hypervisor};
 use crate::firmware::Firmware;
+use crate::igvm_builder::{COMPATIBILITY_MASK, TDP_COMPATIBILITY_MASK};
 
 #[derive(Debug, Copy, Clone)]
 pub struct GpaRange {
@@ -50,6 +51,7 @@ impl GpaRange {
 
 #[derive(Debug)]
 pub struct GpaMap {
+    pub stage1_image: GpaRange,
     pub low_memory: GpaRange,
     pub stage2_stack: GpaRange,
     pub stage2_image: GpaRange,
@@ -81,7 +83,20 @@ impl GpaMap {
         //   0x1nnnnn-0x1nnnnn: filesystem
         //   0x1nnnnn-0x1nnnnn: IGVM parameter block
         //   0x1nnnnn-0x1nnnnn: general and memory map parameter pages
-        //   0xFFnn0000-0xFFFFFFFF: OVMF firmware (QEMU only, if specified)
+        //   0xFFnn0000-0xFFFFFFFF: [TDX stage 1 +] OVMF firmware (QEMU only, if specified)
+
+        let stage1_image = if let Some(stage1) = &options.tdx_stage1 {
+            if COMPATIBILITY_MASK.contains(TDP_COMPATIBILITY_MASK) {
+                // Obtain the length of the binary file
+                let stage1_len = Self::get_metadata(stage1)?.len();
+                // TDX stage1 must be located to end at 4GB
+                GpaRange::new((1u64 << 32) - stage1_len, stage1_len)?
+            } else {
+                return Err("TDP platform must be specified when using --tdx-stage1".into());
+            }
+        } else {
+            GpaRange::new(0, 0)?
+        };
 
         // Obtain the lengths of the binary files
         let stage2_len = Self::get_metadata(&options.stage2)?.len() as usize;
@@ -159,6 +174,7 @@ impl GpaMap {
         };
 
         let gpa_map = Self {
+            stage1_image,
             low_memory: GpaRange::new(0, 0xf000)?,
             stage2_stack: GpaRange::new_page(0xf000)?,
             stage2_image,