Skip to content

Nvidia unstable 10.1+cca/latest #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ianm-nv wants to merge 2 commits into from
Closed

Nvidia unstable 10.1+cca/latest #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9e4c32a
Revert "NVIDIA: SAUCE: hw/arm/virt: Define MEC as shared or private"
ianm-nv Oct 13, 2025
1e8dd4d
NVIDIA: SAUCE: hw/arm/virt.c: Fix pflash and blockdev
ianm-nv Oct 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 32 additions & 9 deletions hw/arm/virt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1268,26 +1268,35 @@ static PFlashCFI01 *virt_flash_create1(VirtMachineState *vms,
return PFLASH_CFI01(dev);
}

/* Create pflash devices early for blockdev property support.
* For confidential VMs, devices are created but not mapped. */
static void virt_flash_create(VirtMachineState *vms)
{
if (virt_machine_is_confidential(vms)) {
return;
}

/* Always create for property registration.
* CCA check moved to virt_flash_map() instead. */
vms->flash[0] = virt_flash_create1(vms, "virt.flash0", "pflash0");
vms->flash[1] = virt_flash_create1(vms, "virt.flash1", "pflash1");
}

static void virt_flash_map1(PFlashCFI01 *flash,
hwaddr base, hwaddr size,
MemoryRegion *sysmem)
static void virt_flash_realize(PFlashCFI01 *flash, hwaddr size)
{
DeviceState *dev = DEVICE(flash);

if (dev->realized) {
return;
}

assert(QEMU_IS_ALIGNED(size, VIRT_FLASH_SECTOR_SIZE));
assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
}

static void virt_flash_map1(PFlashCFI01 *flash,
hwaddr base, hwaddr size,
MemoryRegion *sysmem)
{
DeviceState *dev = DEVICE(flash);

memory_region_add_subregion(sysmem, base,
sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
Expand All @@ -1309,6 +1318,9 @@ static void virt_flash_map(VirtMachineState *vms,
hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;
hwaddr flashbase = vms->memmap[VIRT_FLASH].base;

virt_flash_realize(vms->flash[0], flashsize);
virt_flash_realize(vms->flash[1], flashsize);

if (virt_machine_is_confidential(vms)) {
return;
}
Expand Down Expand Up @@ -1373,6 +1385,10 @@ static bool virt_confidential_firmware_init(VirtMachineState *vms,
MemoryRegion *fw_ram;
hwaddr fw_base = vms->memmap[VIRT_FLASH].base;
hwaddr fw_size = vms->memmap[VIRT_FLASH].size;
hwaddr flashsize = fw_size / 2;

virt_flash_realize(vms->flash[0], flashsize);
virt_flash_realize(vms->flash[1], flashsize);

if (!MACHINE(vms)->firmware) {
return false;
Expand Down Expand Up @@ -2320,8 +2336,6 @@ static void machvirt_init(MachineState *machine)
unsigned int smp_cpus = machine->smp.cpus;
unsigned int max_cpus = machine->smp.max_cpus;

virt_flash_create(vms);

possible_cpus = mc->possible_cpu_arch_ids(machine);

/*
Expand Down Expand Up @@ -3652,6 +3666,15 @@ static void virt_instance_init(Object *obj)
vms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
vms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
cxl_machine_init(obj, &vms->cxl_devices_state);

/*
* Create pflash devices early for blockdev property support.
* For confidential VMs, the devices are created but won't be
* mapped into memory (virt_flash_map checks machine->cgs).
* This allows libvirt 10.x to use:
* -machine virt-10.1,pflash0=node,pflash1=node
*/
virt_flash_create(vms);
}

static const TypeInfo virt_machine_info = {
Expand Down
5 changes: 0 additions & 5 deletions linux-headers/asm-arm64/kvm.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -428,7 +428,6 @@ enum {
/* List of configuration items accepted for KVM_CAP_ARM_RME_CONFIG_REALM */
#define ARM_RME_CONFIG_RPV 0
#define ARM_RME_CONFIG_HASH_ALGO 1
#define ARM_RME_CONFIG_MEC 2

#define ARM_RME_CONFIG_HASH_ALGO_SHA256 0
#define ARM_RME_CONFIG_HASH_ALGO_SHA512 1
Expand All @@ -448,10 +447,6 @@ struct arm_rme_config {
__u32 hash_algo;
};

/* cfg == ARM_RME_CONFIG_MEC */
struct {
__u32 shared_mec;
};
/* Fix the size of the union */
__u8 reserved[256];
};
Expand Down
5 changes: 1 addition & 4 deletions qapi/qom.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1216,15 +1216,12 @@
# memory (unmeasured) and can then be read by a verifier to
# reconstruct the RIM.
#
# @shared-mec: Enable/disable usage of a shared MEC.
#
# Since: 10.0
##
{ 'struct': 'RmeGuestProperties',
'data': { '*personalization-value': 'str',
'*measurement-algorithm': 'RmeGuestMeasurementAlgorithm',
'*measurement-log': 'bool',
'*shared-mec': 'bool'} }
'*measurement-log': 'bool'} }

##
# @ObjectType:
Expand Down
25 changes: 0 additions & 25 deletions target/arm/kvm-rme.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ struct RmeGuest {
uint8_t personalization_value[ARM_RME_CONFIG_RPV_SIZE];
RmeGuestMeasurementAlgorithm measurement_algo;
bool use_measurement_log;
bool use_shared_mec;

RmeRamRegion init_ram;
uint8_t ipa_bits;
Expand Down Expand Up @@ -435,9 +434,6 @@ static int rme_configure_one(RmeGuest *guest, uint32_t cfg, Error **errp)
}
cfg_str = "hash algorithm";
break;
case ARM_RME_CONFIG_MEC:
args.shared_mec = guest->use_shared_mec;
break;
default:
g_assert_not_reached();
}
Expand All @@ -457,7 +453,6 @@ static int rme_configure(Error **errp)
const uint32_t config_options[] = {
ARM_RME_CONFIG_RPV,
ARM_RME_CONFIG_HASH_ALGO,
ARM_RME_CONFIG_MEC,
};

for (option = 0; option < ARRAY_SIZE(config_options); option++) {
Expand Down Expand Up @@ -685,20 +680,6 @@ static void rme_set_measurement_log(Object *obj, bool value, Error **errp)
guest->use_measurement_log = value;
}

static bool rme_get_shared_mec(Object *obj, Error **errp)
{
RmeGuest *guest = RME_GUEST(obj);

return guest->use_shared_mec;
}

static void rme_set_shared_mec(Object *obj, bool value, Error **errp)
{
RmeGuest *guest = RME_GUEST(obj);

guest->use_shared_mec = value;
}

static void rme_guest_class_init(ObjectClass *oc, const void *data)
{
object_class_property_add_str(oc, "personalization-value", rme_get_rpv,
Expand All @@ -719,12 +700,6 @@ static void rme_guest_class_init(ObjectClass *oc, const void *data)
rme_set_measurement_log);
object_class_property_set_description(oc, "measurement-log",
"Enable/disable Realm measurement log");

object_class_property_add_bool(oc, "shared-mec",
rme_get_shared_mec,
rme_set_shared_mec);
object_class_property_set_description(oc, "shared-mec",
"Enable/disable usage of a shared Memory Encryption Context (MEC)");
}

static void rme_guest_init(Object *obj)
Expand Down