IGVM: Embed firmware in IGVM file and parse OVMF metadata into IGVM parameter block #199
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Perform a refactor of the firmware configuration fields within the IGVM parameter block and add the additional fields required by OVMF firmware. This neatly separates the firmware metadata from the remaineder of the IGVM parameters and makes it clearer which fields relate to the firmware rather than the SVSM itself. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
roy-hopkins
commented
Jan 4, 2024
Comment on lines
+1
to
+6
| // SPDX-License-Identifier: MIT OR Apache-2.0 | ||
| // | ||
| // Copyright (c) 2024 SUSE LLC | ||
| // | ||
| // Author: Joerg Roedel <jroedel@suse.de> | ||
| // Author: Roy Hopkins <roy.hopkins@suse.com> |
There was a problem hiding this comment.
This code is mostly a copy of utils/print-meta.c, hence keeping Joerg as the author.
msft-jlange
reviewed
Jan 4, 2024
msft-jlange
reviewed
Jan 4, 2024
msft-jlange
reviewed
Jan 4, 2024
msft-jlange
reviewed
Jan 4, 2024
This commit adds parameters to the IGVM builder command line that allow a firmware binary file to be specified along with either the firmware base address or top address. The firmware is then populated into the IGVM file at the specified address. If the firmware contains metadata in OVMF format then this is parsed and the relevant fields of the IGVM parameter block that is passed to the guest. This allows OVMF (and potentially other) firmware to be embedded in the IGVM file and launched from the SVSM. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
When using an IGVM based configuration, currently the firmware metadata can be provided either in the IGVM configuration itself or can be parsed from the OVMF image. However, there is no reason for SVSM to parse the OVMF metadata as this can be done by the IGVM builder and populated into the IGVM configuration. This patch removes the logic to parse OVMF metadata when using IGVM configuration and applies the required extra fields from the IGMV configuration. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Following the changes to SVSM that mean the firmware configuration is always completely described by the IGVM parameter block, this commit removes the now unused 'metadata' field that previously defined the location of the OVMF metadata page in guest memory. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
roy-hopkins
force-pushed
the
ovmf_builder
branch
from
17ac809 to
0d90828
Compare
|
@msft-jlange, on reflection following our email conversation it is probably best to hardcode the firmware base calculation for QEMU and just return an error at the moment if I've pushed a new version with this change. |
msft-jlange
approved these changes
Jan 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for embedding firmware, particularly OVMF into an IGVM file using the IGVM builder.
The Makefile has been updated to allow the OVMF file to be specified by the
FW_FILEenvironment variable. This needs to be set to theOVMF.fdfile (and not the separateOVMF_CODE.fdandOVMF_VARS.fdfiles). When provided, the firmware binary is parsed by the IGVM builder during the build to extract metadata which is then populated into the IGVM parameter block, passed to SVSM.By providing the metadata in the IGVM parameter block, SVSM does not need to parse the OVMF metadata when using an IGVM file. The SVSM has been updated to reflect this by removing the
fw_metadataIGVM parameter that specified the OVMF metadata page. In the future, if IGVM is solely used to configure the SVSM then the OVMF metadata parsing can be removed entirely from SVSM.