github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-11 21:59:26 +00:00
Code Issues Projects Releases Wiki Activity

hv: tpm2: do tpm2 fixup for security vm

Browse Source 
ACRN used to prepare the vTPM2 ACPI Table for pre-launched VM at the build stage
using config tools. This is OK if the TPM2 ACPI Table never changes. However,
TPM2 ACPI Table may be changed in some conditions: change BIOS configuration or
update BIOS.

This patch do TPM2 fixup to update the vTPM2 ACPI Table and TPM2 MMIO resource
configuration according to the physical TPM2 ACPI Table.

Tracked-On: #6366
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
This commit is contained in:
Fei Li
2021-08-06 14:12:13 +08:00
committed by wenlingz
parent f81b39225c
commit 74e68e39d1
11 changed files with 125 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
misc/config_tools/library/common.py
View File

@@ -23,7 +23,7 @@ DATACHECK_SCHEMA_FILE = SOURCE_ROOT_DIR + 'misc/config_tools/schema/datachecks.x
PY_CACHES = ["__pycache__", "../board_config/__pycache__", "../scenario_config/__pycache__"]
GUEST_FLAG = ["0", "0UL", "GUEST_FLAG_SECURE_WORLD_ENABLED", "GUEST_FLAG_LAPIC_PASSTHROUGH",
"GUEST_FLAG_IO_COMPLETION_POLLING", "GUEST_FLAG_NVMX_ENABLED", "GUEST_FLAG_HIDE_MTRR",
"GUEST_FLAG_RT"]
"GUEST_FLAG_RT", "GUEST_FLAG_TPM2_FIXUP"]
MULTI_ITEM = ["guest_flag", "pcpu_id", "vcpu_clos", "input", "block", "network", "pci_dev", "shm_region", "communication_vuart"]

4
misc/config_tools/schema/VMtypes.xsd
View File

@@ -37,7 +37,8 @@
IO polling to completion
- ``GUEST_FLAG_HIDE_MTRR`` specify that MTRR is hidden from the VM
- ``GUEST_FLAG_RT`` specify that the VM is an RT-VM (real-time)
- ``GUEST_FLAG_NVMX_ENABLED`` specify that the VM supports nested virtualization</xs:documentation>
- ``GUEST_FLAG_NVMX_ENABLED`` specify that the VM supports nested virtualization
- ``GUEST_FLAG_TPM2_FIXUP`` specify that the VM needs to do fixup for TPM2 passthrough</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="" />
@@ -49,6 +50,7 @@
<xs:enumeration value="GUEST_FLAG_HIDE_MTRR" />
<xs:enumeration value="GUEST_FLAG_RT" />
<xs:enumeration value="GUEST_FLAG_NVMX_ENABLED" />
<xs:enumeration value="GUEST_FLAG_TPM2_FIXUP" />
</xs:restriction>
</xs:simpleType>

2
misc/config_tools/xforms/vm_configurations.h.xsl
View File

@@ -50,7 +50,7 @@
<xsl:when test="count(vm[vm_type='SOS_VM'])">
<xsl:value-of select="acrn:comment('Bitmask of guest flags that can be programmed by device model. Other bits are set by hypervisor only.')" />
<xsl:value-of select="$newline" />
<xsl:value-of select="acrn:define('DM_OWNED_GUEST_FLAG_MASK', '(GUEST_FLAG_SECURE_WORLD_ENABLED | GUEST_FLAG_LAPIC_PASSTHROUGH | GUEST_FLAG_RT | GUEST_FLAG_IO_COMPLETION_POLLING)', '')" />
<xsl:value-of select="acrn:define('DM_OWNED_GUEST_FLAG_MASK', '(GUEST_FLAG_SECURE_WORLD_ENABLED | GUEST_FLAG_LAPIC_PASSTHROUGH | GUEST_FLAG_RT | GUEST_FLAG_IO_COMPLETION_POLLING | GUEST_FLAG_TPM2_FIXUP)', '')" />
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="acrn:define('DM_OWNED_GUEST_FLAG_MASK', '0', 'UL')" />