1. Update acrn.efi name in acrn ootb scripts
2. Add licenses to acrn ootb scripts
3. Add format U disk step
4. Add execute permission to ootb script
5. Fix wrong img name
6. update clearlinux version to 31600
Signed-off-by: Lei, Lu <leix.lu@intel.com>
We've been keeping the doc version choice list trimmed as new doc
version releases are made, but the v1.0 version should remain. (Note
that the documents for all previously published versions are still
available on the server, but they were included in the menu choice).
This PR puts the 1.0 choice back in.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Mitigation for this vulnerability is applied in 1.4 release, update
related notes in adviosry.
Tracked-On: #4101
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Add a option MCE_ON_PSC_WORKAROUND_DISABLED to disable the software
workaround for the issue Machine Check Error on Page Size Change.
Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Only apply the software workaround on the models that might be
affected by MCE on page size change. For these models that are
known immune to the issue, the mitigation is turned off.
Atom processors are not afftected by the issue.
Also check the CPUID & MSR to check whether the model is immune to the issue:
CPU is not vulnerable when both CPUID.(EAX=07H,ECX=0H).EDX[29] and
IA32_ARCH_CAPABILITIES[IF_PSCHANGE_MC_NO] are 1.
Other cases not listed above, CPU may be vulnerable.
Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Issue description:
-----------------
Machine Check Error on Page Size Change
Instruction fetch may cause machine check error if page size
and memory type was changed without invalidation on some
processors[1][2]. Malicious guest kernel could trigger this issue.
This issue applies to both primary page table and extended page
tables (EPT), however the primary page table is controlled by
hypervisor only. This patch mitigates the situation in EPT.
Mitigation details:
------------------
Implement non-execute huge pages in EPT.
This patch series clears the execute permission (bit 2) in the
EPT entries for large pages. When EPT violation is triggered by
guest instruction fetch, hypervisor converts the large page to
smaller 4 KB pages and restore the execute permission, and then
re-execute the guest instruction.
The current patch turns on the mitigation by default.
The follow-up patches will conditionally turn on/off the feature
per processor model.
[1] Refer to erratum KBL002 in "7th Generation Intel Processor
Family and 8th Generation Intel Processor Family for U Quad Core
Platforms Specification Update"
https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/7th-gen-core-family-spec-update.pdf
[2] Refer to erratum SKL002 in "6th Generation Intel Processor
Family Specification Update"
https://www.intel.com/content/www/us/en/products/docs/processors/core/desktop-6th-gen-core-family-spec-update.html
Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
1. add guest secure boot with OVMF.
2. delete obsolete content.
3. SOS -> Service VM and UOS -> User VM.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
The default binary will not support 2 core/2 thread hardware from V1.3;
KBL NUC7i5DNH has serial port;
Add cores and threads for CPU of hardware listed;
Signed-off-by: Xie Zhengtian <zhengtian.xie@intel.com>
As reported in PR #3959, doc build errors were being masked by a script
error. This PR fixes a chunk of them.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Cleaned up the presentation and formatting problems from the conversion
to ReST, along with English grammar and spelling edits.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
1. Some security features are added into ACRN HV memory management.
2. Dynamic memory allocation is removed. Instead, static memory page allocation is added.
3. The guest to host mapping is not static any more for Service OS after it begins running
since the Service OS support PCI BAR re-pregramming now.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Change APL getting started guide to KBL getting started guide;
Merge some of the contents into preempt-rt getting started guide;
Move the modified kbl getting started guide to the behind of the configuration tutorials;
Fix issues for acrn_quick_setup.sh script.
Signed-off-by: lirui34 <ruix.li@intel.com>
Remove redundant copy of ovmf.fd firmware as the lunach script now
instructs the DM to user the OVMF.fd firmware directly from the rootfs.
Tracked-On: #3972
Signed-off-by: Tonny Tzeng <tonny.tzeng@intel.com>
This commit updates the DM parameters reference document to reflect
the removal of the guest cpu number option '-c' implementation.
Tracked-On: #3989
Signed-off-by: Tonny Tzeng <tonny.tzeng@intel.com>
