[PULL 45/45] hw/i386: Add support for loading BIOS using guest

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 45/45] hw/i386: Add support for loading BIOS using guest_memfd

From:	Paolo Bonzini
Subject:	[PULL 45/45] hw/i386: Add support for loading BIOS using guest_memfd
Date:	Tue, 4 Jun 2024 08:44:09 +0200

From: Michael Roth <michael.roth@amd.com>

When guest_memfd is enabled, the BIOS is generally part of the initial
encrypted guest image and will be accessed as private guest memory. Add
the necessary changes to set up the associated RAM region with a
guest_memfd backend to allow for this.

Current support centers around using -bios to load the BIOS data.
Support for loading the BIOS via pflash requires additional enablement
since those interfaces rely on the use of ROM memory regions which make
use of the KVM_MEM_READONLY memslot flag, which is not supported for
guest_memfd-backed memslots.

Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com>
Message-ID: <20240530111643.1091816-29-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/x86-common.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index f41cb0a6a8b..c0c66a0eb52 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -1001,8 +1001,13 @@ void x86_bios_rom_init(X86MachineState *x86ms, const 
char *default_firmware,
         (bios_size % 65536) != 0) {
         goto bios_error;
     }
-    memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size,
-                           &error_fatal);
+    if (machine_require_guest_memfd(MACHINE(x86ms))) {
+        memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios",
+                                           bios_size, &error_fatal);
+    } else {
+        memory_region_init_ram(&x86ms->bios, NULL, "pc.bios",
+                               bios_size, &error_fatal);
+    }
     if (sev_enabled()) {
         /*
          * The concept of a "reset" simply doesn't exist for
@@ -1023,9 +1028,11 @@ void x86_bios_rom_init(X86MachineState *x86ms, const 
char *default_firmware,
     }
     g_free(filename);
 
-    /* map the last 128KB of the BIOS in ISA space */
-    x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios,
-                      !isapc_ram_fw);
+    if (!machine_require_guest_memfd(MACHINE(x86ms))) {
+        /* map the last 128KB of the BIOS in ISA space */
+        x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios,
+                          !isapc_ram_fw);
+    }
 
     /* map all the bios at the top of memory */
     memory_region_add_subregion(rom_memory,
-- 
2.45.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data, (continued)
- [PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data, Paolo Bonzini, 2024/06/04
  - Re: [PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data, Richard Henderson, 2024/06/24
- [PULL 26/45] i386/sev: Don't return launch measurements for SEV-SNP guests, Paolo Bonzini, 2024/06/04
- [PULL 25/45] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled, Paolo Bonzini, 2024/06/04
- [PULL 34/45] i386/sev: Add support for SNP CPUID validation, Paolo Bonzini, 2024/06/04
- [PULL 37/45] i386/sev: Invoke launch_updata_data() for SNP class, Paolo Bonzini, 2024/06/04
- [PULL 35/45] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled, Paolo Bonzini, 2024/06/04
- [PULL 38/45] i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE, Paolo Bonzini, 2024/06/04
- [PULL 40/45] i386/sev: Extract build_kernel_loader_hashes, Paolo Bonzini, 2024/06/04
- [PULL 43/45] memory: Introduce memory_region_init_ram_guest_memfd(), Paolo Bonzini, 2024/06/04
- [PULL 45/45] hw/i386: Add support for loading BIOS using guest_memfd, Paolo Bonzini <=
- [PULL 31/45] i386/sev: Set CPU state to protected once SNP guest payload is finalized, Paolo Bonzini, 2024/06/04
- [PULL 29/45] i386/sev: Add the SNP launch start context, Paolo Bonzini, 2024/06/04
- [PULL 33/45] i386/sev: Add support for populating OVMF metadata pages, Paolo Bonzini, 2024/06/04
- [PULL 39/45] i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests, Paolo Bonzini, 2024/06/04
- [PULL 42/45] i386/sev: Allow measured direct kernel boot on SNP, Paolo Bonzini, 2024/06/04
- [PULL 28/45] i386/sev: Update query-sev QAPI format to handle SEV-SNP, Paolo Bonzini, 2024/06/04
- [PULL 36/45] i386/sev: Invoke launch_updata_data() for SEV class, Paolo Bonzini, 2024/06/04
  - Re: [PULL 36/45] i386/sev: Invoke launch_updata_data() for SEV class, Peter Maydell, 2024/06/07
- [PULL 44/45] hw/i386/sev: Use guest_memfd for legacy ROMs, Paolo Bonzini, 2024/06/04

Prev by Date: [PULL 43/45] memory: Introduce memory_region_init_ram_guest_memfd()
Next by Date: [PULL 31/45] i386/sev: Set CPU state to protected once SNP guest payload is finalized
Previous by thread: [PULL 43/45] memory: Introduce memory_region_init_ram_guest_memfd()
Next by thread: [PULL 31/45] i386/sev: Set CPU state to protected once SNP guest payload is finalized
Index(es):
- Date
- Thread