MTRR emulation belongs to virtual CPU component.
- rename mtrr.c to vmtrr.c and move it to arch/x86/guest
- rename mtrr.h to vmtrr.h and move it to include/arch/x86/guest
Tracked-On: #1842
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch adds more comment to describe functions that are
interfaces to the other modules in the hypervisor. The comments
are in doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
This patch adds vtd.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
This patch adds ioreq.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds vtd.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
PR #1678 requires slight tweaking of doxygen/known-issues handling to
successfully generate documentation
Tracked-on: #1595
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Move the existing Trusty document to the doc/ folder (where
it belongs) and convert the text to ReST.
The Documentation/ folder under hypervisor/ is removed as all
documents should be put under doc/.
All technical information has been preserved or was already
available in other documents.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
On some system, the current doxygen configuration file will
generate a warning if CLANG_ASSISTED_PARSING was not enbabled
at compile time.
This is not used but the simple fact it's listed in the
configuration file (turned off) still generates the warning. So
comment out the option altogether to get a clean log output.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Include more doxygen info, flag undocumented material, update
.known_issues matching for known doxygen/sphinx issues
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add the "Introduction of Project Acorn" doc.
Also adds improvements to the doc generation processes, content styles,
removed doxygen-generated API material.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Zide Chen