qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] tests/functional/aarch64_virt: add test for FEAT_RME

From: Pierrick Bouvier
Subject: Re: [PATCH] tests/functional/aarch64_virt: add test for FEAT_RME
Date: Tue, 26 Nov 2024 08:03:20 -0800
User-agent: Mozilla Thunderbird 
On 11/26/24 02:51, Alex Bennée wrote:

Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:


On 11/25/24 10:00, Alex Bennée wrote:

Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:


This boot an OP-TEE environment, and launch a nested guest VM inside it
using the Realms feature.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
   tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
   1 file changed, 62 insertions(+)

diff --git a/tests/functional/test_aarch64_virt.py 
b/tests/functional/test_aarch64_virt.py
index 30bab5a677c..3e8f9372132 100755
--- a/tests/functional/test_aarch64_virt.py
+++ b/tests/functional/test_aarch64_virt.py
@@ -18,6 +18,7 @@
   from qemu_test import QemuSystemTest, Asset
   from qemu_test import exec_command, wait_for_console_pattern
   from qemu_test import get_qemu_img, run_cmd
+from qemu_test.utils import archive_extract
       class Aarch64VirtMachine(QemuSystemTest):
@@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
           return
           self.common_aarch64_virt("virt,gic-version=2")
   +    # Stack is built with OP-TEE build environment from those
instructions:
+    # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
+    # https://github.com/pbo-linaro/qemu-rme-stack
+    ASSET_RME_STACK = Asset(
+        ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
+         'download/rme-stack-op-tee-4.2.0.tar.gz'),
+         '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
+
+    # This tests the FEAT_RME cpu implementation, by booting a VM supporting 
it,
+    # and launching a nested VM using it.
+    def test_aarch64_virt_rme(self):
+        stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
+        archive_extract(stack_path_tar_gz, self.workdir)
+
+        self.set_machine('virt')
+        self.vm.set_console()
+        self.require_accelerator('tcg')
+
+        rme_stack = os.path.join(self.workdir, 'rme-stack')
+        kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
+        bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
+        drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
+
+        self.vm.add_args('-accel', 'tcg')
+        self.vm.add_args('-cpu', 'max,x-rme=on')
+        self.vm.add_args('-m', '2048')
+        self.vm.add_args('-M', 'virt,acpi=off,'
+                         'virtualization=on,'
+                         'secure=on,'
+                         'gic-version=3')
+        self.vm.add_args('-bios', bios)
+        self.vm.add_args('-kernel', kernel)
+        self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
+        self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
+        self.vm.add_args('-device', 
'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
+        self.vm.add_args('-fsdev', 
f'local,security_model=none,path={rme_stack},id=shr0')
+        self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
+        self.vm.add_args('-netdev', 'user,id=net0')
+        self.vm.add_args('-append', 'root=/dev/vda')
+
+        self.vm.launch()
+        self.wait_for_console_pattern('Welcome to Buildroot')
+        time.sleep(0.1)
+        exec_command(self, 'root')
+        time.sleep(0.1)
+
+        # We now boot the (nested) guest VM
+        exec_command(self,
+                     'qemu-system-aarch64 -M virt,gic-version=3 '
+                     '-cpu host -enable-kvm -m 512M '
+                     '-M confidential-guest-support=rme0 '
+                     '-object rme-guest,id=rme0,measurement-algo=sha512 '
+                     '-device virtio-net-pci,netdev=net0,romfile= '
+                     '-netdev user,id=net0 '
+                     '-kernel /mnt/out/bin/Image '
+                     '-initrd /mnt/out-br/images/rootfs.cpio '
+                     '-serial stdio')
+        # Detect Realm activation during boot.
+        self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
+        # Wait for boot to complete.
+        self.wait_for_console_pattern('Welcome to Buildroot')

This is the same as above? Or the console of the guest?



It's the guest yes, as the comment try to explain.
I chose to implement it this way, instead of going with a separate
socket, because it would make the test code much more complicated with
no real benefit.


Can you interact with that console? I'm wondering if we can stimulate
the realm to do something a bit more than to get to the login prompt.
Yes, we can login and run anything, or even poweroff the VM. At this point of the test, the terminal *is* the (nested) guest. We would need to poweroff before accessing the host again, or send a ctrl-z.
I asked to Jean-Philippe suggestions to run a specific command to stress the implementation a bit more than simply booting. 


I agree sinking multiple serial ports would make the test more complex
and we shouldn't do it if we can prove everything works via the guests
interaction.


Could we also check the output of the other serial posts?



Host does not print anything.
We already check guest.
Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware.
Secure terminal is completely silent.

Were you thinking to something else?

Feel free to try [1], you can build and launch the vm in two commands
without having to install anything on your machine.

[1] https://github.com/pbo-linaro/qemu-rme-stack


Nice ;-)



Kudos to Jean-Philippe for the clear and simple instructions to build it!




     if __name__ == '__main__':
       QemuSystemTest.main()
reply via email to
[Prev in Thread] Current Thread [Next in Thread]