If you build for a platform (e.g. uefi) and right after that for
another platform ('sbl'), the new build will fail and a version.h
file is left in the tree (bsp/uefi/include/bsp/version.h or
bsp/sbl/include/bsp/version.h depending on the order you built one
after the other). This commit makes git ignore any of those in case
it is there. Note that 'make clean' with the corresponding
PLATFORM variable will clean this file.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Add a new document describing how doc building and publishing
works and how to setup a doc working directory and build tools to make
it so.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add the 'gnu-efi' dependency required to build the ACRN hypervisor
with "PLATFORM=uefi" on Fedora. 'gnu-efi-devel' is required on CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
According to the explaination for pref_address
in Documentation/x86/boot.txt, a relocating bootloader
should attempt to load kernel at pref_address if possible.
But due to a non-relocatable kernel will unconditionally
move itself and to run at perf address, no need to copy
kernel to perf_address by bootloader.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
info->phys_pin need be used by ptdev_build_native_rte when updating entry
TODO: currently ptdev entry is virtual based, the better solution should
be physical based.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
It is possible that the vm-entry fails in vmresume instr under some scenarios.
It will pass to next instruction following vmresume. In such case it will call
the vmlaunch again.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Make the Getting Started Guide instructions more specific and
comprehensive for Clear Linux version 21260 (version of reference)
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Handle version retrieval better when comments are present.
Add warning if Sphinx theme (read_the_docs) is missing.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch is prepared for enabling secure world feature.
this api will create new eptp for secure world, whose PDPT
entries are copied form normal world,the PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT.Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Add instructions on how to build the hypervisor and device model
on other operating systems such as Ubuntu/Debian, Fedora/doc/Redhat
and CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
RELRO rearranges the data sections inside an ELF
executable. It also marks certain areas as 'read-only'
so that these data structures cannot be overwritten while
the process is running.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Enable stack-proctector-strong option for gcc emiting
extra code to check buffer overflow.
Enable noexecstack option for marking the object as not
requiring executable stack.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Replace ASSERT in lib functions with error message print and return a
value indicating error to allow the caller of lib functions to handle
the error.
Change-Id: If166484238dc0734041adfdbb19a5b374c044e33
Signed-off-by: Yan, Like <like.yan@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On:220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Per Project ACRN governance, documentation is under a Creative Commons
Attribution 4.0 International License (CC BY 4.0). This patch updates
this information, and adds a tagline to documentation mentioning this
license.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
make the doc build process quiet and add filtering of known (Sphinx)
issues. Scripting comes from the open source Zephyr project.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Writing PCIR_BIOS is to get PCI ROM resource length. Ingore the request
as it's not support currently. Else, guest might get wrong information
about the PCI ROM resource.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
changed 3 to support latest image release
1, deleted one bundle installation -os-clr-on-clr-dev
2, changed the default configuration file path to /usr/share/acrn/demo
3, after installed service os bundle, all the configuration files and scripts were installed, no need to download manually any more
Simplify the publishing process to projectacrn.github.io by making
commits directly to the projectacrn/projectacrn.github.io repo (rather
than to a personal repo, doing a PR, and processing the PR). This
eliminates manual processing in an otherwise automated publishing
process: PR reviews aren't needed for this step.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
