1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculating address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
If we want to obtain the address from the MMU/EPT entry, we need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
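
The effect of the mask change described in the commit message above, shown as an added C example (not ACRN source code). The two mask values are the ones quoted in the message; the helper names and the sample entries are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The two mask values quoted in the commit message. */
#define IA32E_REF_MASK_OLD 0x7ffffffffffff000ULL
#define IA32E_REF_MASK_NEW 0x000ffffffffff000ULL

/* Hypothetical helper: build a constructed paging entry from a 4 KiB-aligned
 * frame address, low flag bits 11:0, ignored bits 62:52 and bit 63 (VE/XD). */
static uint64_t make_entry(uint64_t paddr, uint64_t flags, uint64_t ignored, int bit63)
{
    return (paddr & IA32E_REF_MASK_NEW) | (flags & 0xfffULL) |
           ((ignored & 0x7ffULL) << 52) | ((uint64_t)(bit63 != 0) << 63);
}

/* Hypothetical helper: address recovered from an entry under a given mask. */
static uint64_t entry_addr(uint64_t entry, uint64_t mask)
{
    return entry & mask;
}

/* Count entries whose decoded address differs from the frame they map. */
static size_t count_wrong(const uint64_t *entries, const uint64_t *frames,
                          size_t n, uint64_t mask)
{
    size_t wrong = 0;
    for (size_t i = 0; i < n; i++) {
        if (entry_addr(entries[i], mask) != frames[i]) wrong++;
    }
    return wrong;
}

int main(void)
{
    /* Constructed sample: same flags, different high bits. */
    const uint64_t frames[3] = { 0x12345000ULL, 0x7fe00000ULL, 0xfee00000ULL };
    const uint64_t entries[3] = {
        make_entry(frames[0], 0x7, 0x000, 0), /* no high bits set */
        make_entry(frames[1], 0x7, 0x000, 1), /* only bit 63 set */
        make_entry(frames[2], 0x7, 0x7ff, 1), /* bits 62:52 and bit 63 set */
    };
    printf("old mask wrong: %zu, new mask wrong: %zu\n",
           count_wrong(entries, frames, 3, IA32E_REF_MASK_OLD),
           count_wrong(entries, frames, 3, IA32E_REF_MASK_NEW));
    return 0;
}
```

The old mask already clears bit 63, so it only misdecodes entries in which software or hardware has set any of the ignored bits 62:52.
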
Make the Getting Started Guide instructions more specific and
comprehensive for Clear Linux version 21260 (version of reference)
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Handle version retrieval better when comments are present.
Add warning if Sphinx theme (read_the_docs) is missing.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch is prepared for enabling secure world feature.
This API will create new eptp for secure world, whose PDPT
entries are copied from normal world. The PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT. Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory.
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Add instructions on how to build the hypervisor and device model
on other operating systems such as Ubuntu/Debian, Fedora/doc/Redhat
and CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
RELRO rearranges the data sections inside an ELF
executable. It also marks certain areas as 'read-only'
so that these data structures cannot be overwritten while
the process is running.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Enable stack-protector-strong option for gcc emitting
extra code to check buffer overflow.
Enable noexecstack option for marking the object as not
requiring executable stack.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Replace ASSERT in lib functions with error message print and return a
value indicating error to allow the caller of lib functions to handle
the error.
Change-Id: If166484238dc0734041adfdbb19a5b374c044e33
Signed-off-by: Yan, Like <like.yan@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On: 220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Per Project ACRN governance, documentation is under a Creative Commons
Attribution 4.0 International License (CC BY 4.0). This patch updates
this information, and adds a tagline to documentation mentioning this
license.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Make the doc build process quiet and add filtering of known (Sphinx)
issues. Scripting comes from the open source Zephyr project.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Writing PCIR_BIOS is to get PCI ROM resource length. Ignore the request
as it's not supported currently. Else, guest might get wrong information
about the PCI ROM resource.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
changed 3 to support latest image release
1, deleted one bundle installation -os-clr-on-clr-dev
2, changed the default configuration file path to /usr/share/acrn/demo
3, after installing the service os bundle, all the configuration files and scripts are installed, no need to download manually any more
Simplify the publishing process to projectacrn.github.io by making
commits directly to the projectacrn/projectacrn.github.io repo (rather
than to a personal repo, doing a PR, and processing the PR). This
eliminates manual processing in an otherwise automated publishing
process: PR reviews aren't needed for this step.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Initial version of Getting Started Guide doc (and images).
Need to replace images with better ones.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Developer Primer and images, and a tweak to figure formatting
also renamed from Hypervisor Primer to just Developer Primer since the
doc talks about Device Model too.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Change display of RC_VERSION on documents to be
vMAJOR_VERSION.MINOR_VERSION-rcRC_VERSION
if RC_VERSION is non-zero, otherwise only
vMAJOR_VERSION.MINOR_VERSION
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>