CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
-- Config MAX_EMULATED_MMIO_REGIONS 16 in Kconfig
-- Add emulated mmio array and emulated mmio regions
in vm structure
-- Remove mmio list in vm structure
-- Remove unregister_mmio_emulation_handler and
vioapic_cleanup APIs
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Update Getting Started Guide (GSG) with Clear Linux version and
kernel versions for ACRN v0.3.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the capitalization of "Tracked-On" in the documentation.
"Tracked-on" should work but it throws a warning so it's better
to make the documentation focus on using "Tracked-On" only.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Sphinx supports making a single (large) html file instead of a
full website with a collection of html pages. This ``make singlehtml``
option provides the basis for creating a Word document (for example)
via a cut-and-paste of a section of the documentation (not easily
possible when the docs are in multiple HTML files.)
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
updates:
1, update Clear Linux version to 26120 support v0.3 release
2, update product kernel to kernel-iot-lts2018 since there is new named bundle
Signed-off-by: Ailun258 <ailin.yang@intel.com>
-- Add emulated port io index
-- Add emulated pio array in vm structure
-- Remove port list in vm structure
-- Remove free_io_emulation_resource/register_io_handler/
create_io_handler APIs
v2-->v3:
-- not add 'is_emulated', check len == 0U
-- Check if io_read/io_write handler is NULL before calling
-- Replace ENUM with MACRO for emulated pio index to avoid
MISRA-C violations
v1-->v2:
-- Remove EMUL_PIO_NUM in Kconfig, add emulated pio index
for PIC/PCI/UART/RTC/PM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Transcode, edit, and upload HLD 0.7 section 6.5 (Supported Virtio
Devices), merging with existing reviewed content.
Tracked-on: #1732
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch adds ioreq.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Getting Started Guide: add one more bundle to be added on a Clear
Linux development machine to make sure 'make' and other development
packages are available.
ACRN Documentation Generation: expand the 'PATH' variable to include
'~/.local/bin' where 'sphinx-build' is installed.
Tracked-On: #1650
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch adds vtd.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
The patch adds related head files to the input of doxygen and
replaces hard-code API docs with doxygen-generated ones.
v1-->v2:
Put the 'kerneldoc' back.
V2-->V3:
Rebase
Tracked-On: #1595
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Convert line endings setting for l1tf.rst doc
from windows style to unix style.
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Sphinx/Breathe have a known problem with processing unnamed nested
structs and unions that cause a "Duplicate definition" warning.
Use our .known-issues filter to hide these in the HLD content.
Tracked-on: #1706
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Transcode, edit, and upload HLD 0.7 section 4 (Device Model)
Incorporate changes from previously edited acpi-virt.rst and delete
separate doc.
Tracked-on: #1668
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
PR #1678 requires slight tweaking of doxygen/known-issues handling to
successfully generate documentation
Tracked-on: #1595
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Transcode, edit, and upload HLD 0.7 section 3.10 (PM in hypervisor),
3.11 (Console, shell, vUART), 3.12 (Hypercall/VHM upcall), and
3.13 (Compile-time config)
Also scan/replace UTF-8 punctuation missed in previous PRs.
Add anchor targets in referenced docs.
Tracked-on: #1648
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The current defconfigs are BIOS-specific which makes it difficult to maintain
multiple defconfigs for boards running the same BIOS.
This patch re-organizes the defconfigs to be board-specific. A command line
option BOARD is introduced to specify a board on which the current build targets
at. The original PLATFORM is kept for backward compatibility which redirects to
apl-mrb and nuc6cayh for sbl and uefi, respectively.
The getting started guide is also updated accordingly.
v1 -> v2:
* Rewrite 'up2' to 'UP2'.
Tracked-On: #1588
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
transcode, edit, and upload HLD 0.7 section 3.7 (Virtual Interrupt)
Add target references in other docs as needed.
Tracked-on: #1623
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
transcode, edit, and upload HLD 0.7 section 3.6 (Timer)
Also, fix the hv sections file names to be consistent.
Tracked-on: #1623
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Tweak the 'Using partition mode on UP2' tutorial by removing
a couple of Grub menu entries that are not present by default
(nor introduced as part of the tutorial).
Also make it more obvious that there is still a default entry
called 'Ubuntu' which is the one by default.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Transcode, edit, and upload HLD 0.7 sections 3.4 (I/O emulation)
Add anchor targets to other docs reference in this section.
Update .known-issues filter for "known" doxygen/breathe errors
Tracked-on: #1592
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
When the doc log is scanned for potential "new" errors, if any are found
it wasn't returning a non-zero error code.
Tracked-on: #1514
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Chen, Gang G