The "Enable GVT-d in ACRN" tutorial includes a number of rightwards
arrows. The source text used the "→" symbol for this but this
is not valid in ReST files. We add a substitution for this and use it
in the tutorial instead.
Tracked-On: #5769
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Loosen the restriction of IVSHMEM_REGION of xsd validation. An ivshmem
region can be shared by more than two vms.
Tracked-On: #5672
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Remove obsolete kernel (i915) parameters from the Apollo Lake (APL)
board configurations.
Tracked-On: #5236
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Accessing to software SRAM region is not allowed when
software SRAM is pass-thru to prelaunch RTVM.
This patch removes software SRAM region from service VM
EPT if it is enabled for prelaunch RTVM.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
- Define 'PRE_RTVM_SW_SRAM_ENABLED' only if both
prelaunch RTVM and Software SRAM are configured in
current scenario.
- Define 'PRE_RTVM_SW_SRAM_BASE_GPA' and
'PRE_RTVM_SW_SRAM_END_GPA' only if
'PRE_RTVM_SW_SRAM_ENABLED' is defined.
Tracked-On: #5649
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Fixing an incorrect struct definition for ir_bits in ioapic_rte. Since bits after
the delivery status in the lower 32 bits are not touched by code,
this has never showed up as an issue. And the higher 32 bits in the RTE
are aligned by the compiler.
Tracked-On: #5773
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
After grand update of all titles to use title-case, we found some more
that needed a manual tweak.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
After grand update of all titles to use title-case, we found a few that
needed a manual tweak.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Some terms in the config option docs (Integer, Boolean) are being
flagged by one of our spell checking tools. Let's make it happy.
Tracked-On: #5692
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Horizontal lines were incorrectly removed during the processing for
using title case on all headings. Put them back.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
While we hoped to make the headings consistent over time while doing
other edits, we should instead just make the squirrels happy and do them
all at once or they'll likely never be made consistent.
A python script was used to find the headings, and then a call to
https://pypi.org/project/titlecase to transform the title. A visual
inspection was used to tweak a few unexpected resulting titles.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update the tutorial on how to use OpenStack and libvirt:
* Use Ubuntu 20.04 as the host and the 'lxd' snap
* Use the Ubuntu Cloud image (instead of Clear Cloud image)
* Delete a screenshot that wasn't in use
Tracked-On: #5564
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
app
change generic folder to generic_board folder in config app according
to the reorg data folders and update the method to save xmls.
Tracked-On: #5723
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
update entry point address for pre-launched zephyr on ehl-crb-b;
update serial console to /dev/ttyS3 on ehl-crb-b.
Tracked-On: #5689
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Currently the VM bootargs load address is hard-coded at 8KB right before
kernel load address, this should work for Linux kernel only since Linux
kernel is guaranteed to be loadered high than GPA 8K so its load address
would never be overflowed, other OS like Zephyr has no such assumption.
Tracked-On: #5689
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Per ACPI 6.x chapter 6.1, "A device object must contain either an _HID object
or an _ADR object, but should not contain both."
Remove this object otherwise iasl would complain
"Warning 3073 - Multiple types ^ (Device object requires either a _HID
or _ADR, but not both)"
when launch post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Per ACPI 6.x chapter 19.6.109, the Processor Operator is deprecated.
Replace it with Device Operator, otherwise the iasl would complain
"Warning 3168 -
Legacy Processor() keyword detected. Use Device() keyword instead."
when launch post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
ivshmem spec says that the size of BAR0 is 256 bytes. Windows
ivshmem driver will check the size of BAR0. It will refuse to
load the ivshmem driver if BAR0 size is not 256.
For post-launched VM hv land ivshmem BARs are allocated by
device model. For pre-launched VM hv land ivshmem BARs are
allocated by acrn-config tool. Both device model and acrn-config
tool should make sure that the BAR base addr are aligned to 4K
at least.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
PCI spec said that BAR base should be naturally aligned. But on
ACRN if the bar size < PAGE_SIZE, BAR base should be aligned with
PAGE_SIZE. This is because the minimal size that EPT can map/unmap
is PAGE_SIZE.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Use of :kbd: isn't appropriate as used and isn't rendered right. change
to inline codeblock notation instead.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Documentation mentions a specific Debian 10 ISO image version that no
longer exists. Update to indiate we validated with debian_10.1.0 but
newer versions should also work.
Tracked-On: #5408
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add a script to build acrn ovmf with GOP driver. The build is
using a ubuntu 16.04 based docker image.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
add validate_scenario_schema to validate_scenario_setting and update the
excption handling.
Tracked-On: #5672
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
The device descriptor describes general information about a device,
the bcdUSB field contains a BCD version number. The version 3.2 is
represented with value of 0x320H. Add the missed BCD version in the
bcdUSB case statement. And modify the return value of address device
command in case create device failed.
Tracked-On: #5712
Signed-off-by: Liu Long <long.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
resize vm_config buffer from 16KB to 32KB, as 16KB
is not enough on EHL platform, which will result in
crash when accessing this memory.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Various GVT-g kernel parameters are obsolete and no longer implemented
in the latest kernels used with ACRN. Remove these obsolete parameters.
Also remove a few pictures that are no longer referenced by any document.
Tracked-On: #5702
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Start cleaning up formatting and content layout issues in the
xsd-derived configuration option documentation. Includes adding
documentation for unnamed embedded simple types within an element (and
updates to the XSLT transformation to display these), cleanup of element
and type documentation, typos and description clarity.
Improved xsdl translation to automatically include default values and if
an option is optional (instead of manually documenting this in the
description text).
Tracked-On: #5692
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
With the new ACRN configuration architecture, we no longer use Kconfig
files. Remove the Kconfig option documentation scripting (genrest.py)
Python dependencies, and Makefile commands, and change references in the
documentation from the Kconfig option (such as
:option:`CONFIG_MEM_LOGLEVEL`) to the new schema definition-based option
documentation (:option:`hv.DEBUG_OPTION.MEM_LOGLEVEL`).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
add SW SRAM config for hybrid_rt and industry scenarios on tgl-rvp
and ehl-crb-b boards.
Tracked-On: #5649
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
This patch denies Service VM the access permission to device resources
owned by hypervisor.
HV may own these devices: (1) debug uart pci device for debug version
(2) type 1 pci device if have pre-launched VMs.
Current implementation exposes the mmio/pio resource of HV owned devices
to SOS, should remove them from SOS.
Tracked-On: #5615
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
This patch denies Service VM the access permission to device
resources owned by pre-launched VMs.
Rationale:
* Pre-launched VMs in ACRN are independent of service VM,
and should be immune to attacks from service VM. However,
current implementation exposes the bar resource of passthru
devices to service VM for some reason. This makes it possible
for service VM to crash or attack pre-launched VMs.
* It is same for hypervisor owned devices.
NOTE:
* The MMIO spaces pre-allocated to VFs are still presented to
Service VM. The SR-IOV capable devices assigned to pre-launched
VMs doesn't have the SR-IOV capability. So the MMIO address spaces
pre-allocated by BIOS for VFs are not decoded by hardware and
couldn't be enabled by guest. SOS may live with seeing the address
space or not. We will revisit later.
Tracked-On: #5615
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If pre-launched VM co-exist with SOS, it must has higher severity
than SOS.
Tracked-On: #5615
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
The logical processor scoped IWKey can be copied to or from a
platform-scope storage copy called IWKeyBackup. Copying IWKey to
IWKeyBackup is called ‘backing up IWKey’ and copying from IWKeyBackup to
IWKey is called ‘restoring IWKey’.
IWKeyBackup and the path between it and IWKey are protected against
software and simple hardware attacks. This means that IWKeyBackup can be
used to distribute an IWKey within the logical processors in a platform
in a protected manner.
Linux keylocker implementation uses this feature, so they are
introduced by this patch.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Different vCPU may have different IWKeys. Hypervisor need do the iwkey
context switch.
This patch introduce a load_iwkey() function to do that. Switches the
host iwkey when the switch_in vCPU satisfies:
1) keylocker feature enabled
2) Different from the current loaded one.
Two opportunities to do the load_iwkey():
1) Guest enables CR4.KL bit.
2) vCPU thread context switch.
load_iwkey() costs ~600 cycles when do the load IWKey action.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
KeyLocker is a new security feature available in new Intel CPUs that
protects data-encryption keys for the Advanced Encryption Standard (AES)
algorithm. These keys are more valuable than what they guard. If stolen
once, the key can be repeatedly used even on another system and even
after vulnerability closed.
It also introduces a CPU-internal wrapping key (IWKey), which is a key-
encryption key to wrap AES keys into handles. While the IWKey is
inaccessible to software, randomizing the value during the boot-time
helps its value unpredictable.
Keylocker usage:
- New “ENCODEKEY” instructions take original key input and returns HANDLE
crypted by an internal wrap key (IWKey, init by “LOADIWKEY” instruction)
- Software can then delete the original key from memory
- Early in boot/software, less likely to have vulnerability that allows
stealing original key
- Later encrypt/decrypt can use the HANDLE through new AES KeyLocker
instructions
- Note:
* Software can use original key without knowing it (use HANDLE)
* HANDLE cannot be used on other systems or after warm/cold reset
* IWKey cannot be read from CPU after it's loaded (this is the
nature of this feature) and only 1 copy of IWKey inside CPU.
The virtualization implementation of Key Locker on ACRN is:
- Each vCPU has a 'struct iwkey' to store its IWKey in struct
acrn_vcpu_arch.
- At initilization, every vCPU is created with a random IWKey.
- Hypervisor traps the execution of LOADIWKEY (by 'LOADIWKEY exiting'
VM-exectuion control) of vCPU to capture and save the IWKey if guest
set a new IWKey. Don't support randomization (emulate CPUID to
disable) of the LOADIWKEY as hypervisor cannot capture and save the
random IWKey. From keylocker spec:
"Note that a VMM may wish to enumerate no support for HW random IWKeys
to the guest (i.e. enumerate CPUID.19H:ECX[1] as 0) as such IWKeys
cannot be easily context switched. A guest ENCODEKEY will return the
type of IWKey used (IWKey.KeySource) and thus will notice if a VMM
virtualized a HW random IWKey with a SW specified IWKey."
- In context_switch_in() of each vCPU, hypervisor loads that vCPU's
IWKey into pCPU by LOADIWKEY instruction.
- There is an assumption that ACRN hypervisor will never use the
KeyLocker feature itself.
This patch implements the vCPU's IWKey management and the next patch
implements host context save/restore IWKey logic.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In order for a VMM to capture the IWKey values of guests, processors
that support Key Locker also support a new "LOADIWKEY exiting"
VM-execution control in bit 0 of the tertiary processor-based
VM-execution controls.
This patch enables the tertiary VM-execution controls.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
KeyLocker is a new security feature available in new Intel CPUs that
protects data-encryption keys for the Advanced Encryption Standard (AES)
algorithm.
This patch emulates Keylocker CPUID leaf 19H to support Keylocker
feature for guest VM.
To make the hypervisor being able to manage the IWKey correctly, this
patch doesn't expose hardware random IWKey capability
(CPUID.0x19.ECX[1]) to guest VM.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@Intel.com>
Bit19 (CR4_KL) of CR4 is CPU KeyLocker feature enable bit. Hypervisor
traps the bit's writing to track the keylocker feature on/off of guest.
While the bit is set by guest,
- set cr4_kl_enabled to indicate the vcpu's keylocker feature enabled status
- load vcpu's IWKey in host (will add in later patch)
While the bit is clear by guest,
- clear cr4_kl_enabled
This patch trap and passthru the CR4_KL bit to guest for operation.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
update scenaro xml templates when creating or loading new scenarios
according to config app folder reorg.
set default values for new create VMs from scenario schema when creating
a new scenario setting, adding a new VM, loading new default scenarios
for a new board;
add MBA_DELAY in generic scenario xml.
Tracked-On: #5672
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Mao, Junjie <junjie.mao@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
Geoffroy Van Cutsem