It is possible that the vm-entry fails in vmresume instr under some scenarios.
It will pass to next instruction following vmresume. In such case it will call
the vmlaunch again.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Make the Getting Started Guide instructions more specific and
comprehensive for Clear Linux version 21260 (version of reference)
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Handle version retrieval better when comments are present.
Add warning if Sphinx theme (read_the_docs) is missing.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch is prepared for enabling secure world feature.
this api will create new eptp for secure world, whose PDPT
entries are copied form normal world,the PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT.Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Add instructions on how to build the hypervisor and device model
on other operating systems such as Ubuntu/Debian, Fedora/Redhat
and CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
RELRO rearranges the data sections inside an ELF
executable. It also marks certain areas as 'read-only'
so that these data structures cannot be overwritten while
the process is running.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Enable stack-proctector-strong option for gcc emiting
extra code to check buffer overflow.
Enable noexecstack option for marking the object as not
requiring executable stack.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Replace ASSERT in lib functions with error message print and return a
value indicating error to allow the caller of lib functions to handle
the error.
Change-Id: If166484238dc0734041adfdbb19a5b374c044e33
Signed-off-by: Yan, Like <like.yan@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On:220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Per Project ACRN governance, documentation is under a Creative Commons
Attribution 4.0 International License (CC BY 4.0). This patch updates
this information, and adds a tagline to documentation mentioning this
license.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
make the doc build process quiet and add filtering of known (Sphinx)
issues. Scripting comes from the open source Zephyr project.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Writing PCIR_BIOS is to get PCI ROM resource length. Ingore the request
as it's not support currently. Else, guest might get wrong information
about the PCI ROM resource.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
