From 9c187a44f40fb0c819492fa83ed9711550c4277b Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 23 Mar 2023 13:14:08 +0000 Subject: [PATCH 1/3] config: Enable and use virtio-rng to speed up crng init Linux needs a source of entrophy to init the crng. For arch revisions v8.5 and newer, we have RNDR CPU instruction which can be used, but for older revisions nothing is currently available, and Linux resorts to trying to measure jitter, which takes a long time. Fix this by using the virtio-rng device on the FVP. Older builds don't have it, but we don't expect people to be using these old builds with Shrinkwrap. So enable the device with an FVP parameter, mark it enabled in the DT and compile Linux with virtio-driver support built in. With this combo in place, Linux can use the device to init the crng. This doesn't solve the EDK2/ACPI config becuase Linux doesn't know about the device's presence. This also doesn't solve the case where people bring their own kernel, which doesn't have the driver compiled it. I have a patch on list to add this to the defconfig. Signed-off-by: Ryan Roberts --- config/FVP_Base_RevC-2xAEMvA-base.yaml | 4 ++++ config/dt-base.yaml | 12 ++++++++++++ config/linux-base.yaml | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/config/FVP_Base_RevC-2xAEMvA-base.yaml b/config/FVP_Base_RevC-2xAEMvA-base.yaml index 7b80fc2..a8761f7 100644 --- a/config/FVP_Base_RevC-2xAEMvA-base.yaml +++ b/config/FVP_Base_RevC-2xAEMvA-base.yaml @@ -70,6 +70,10 @@ run: -C pci.pci_smmuv3.mmu.SMMU_S_IDR2: 0 -C pci.pci_smmuv3.mmu.SMMU_S_IDR3: 0 + # Enable virtio-rng. If Linux/DT is correctly configured, it can use this to + # speed up RNG init. + -C bp.virtio_rng.enabled: 1 + terminals: bp.terminal_0: friendly: term0 diff --git a/config/dt-base.yaml b/config/dt-base.yaml index ddf7cb4..095930c 100644 --- a/config/dt-base.yaml +++ b/config/dt-base.yaml @@ -63,6 +63,9 @@ build: # overlay: a 64MB carve-out is reserved at the end of the first memory # bank, which is used by tfa and (if present) the rmm, timer frequency, # some extra psci properties, and cpu-map to map the cores to clusters. + # By default the virtio-rng is disabled (because it was not present in + # older builds of the rev C FVP), so enable it here, so Linux can use it + # to initialize its RNG and speed up boot. - if [ "$${DTS}" = "fvp-base-revc.dts" ]; then - >- OVERLAY="/ { @@ -95,6 +98,15 @@ build: }; }; }; + bus@8000000 { + motherboard-bus@8000000 { + iofpga-bus@300000000 { + virtio@200000 { + status = \"okay\"; + }; + }; + }; + }; };" - ( dtc -q -O dts -I dtb $${DTB_FINAL} ; echo -e "$${OVERLAY}" ) | dtc -q -O dtb -o $${DTB_FINAL} - fi diff --git a/config/linux-base.yaml b/config/linux-base.yaml index 9e152e5..40358c0 100644 --- a/config/linux-base.yaml +++ b/config/linux-base.yaml @@ -33,6 +33,11 @@ build: - export ARCH=arm64 - make -j${param:jobs} O=${param:builddir} defconfig + # Unconditionally add the virtio-rng driver so we can use the device on + # FVP to speed up CRNG init. + - ./scripts/config --file ${param:builddir}/.config --enable CONFIG_HW_RANDOM + - ./scripts/config --file ${param:builddir}/.config --enable CONFIG_HW_RANDOM_VIRTIO + build: # Finalize the config. - make -j${param:jobs} O=${param:builddir} olddefconfig -- GitLab From b9809bb2e784785868e412c8d22d54abcf2d0233 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 23 Mar 2023 17:09:26 +0000 Subject: [PATCH 2/3] docker: Update to latest FVP (11.20_15) for x86_64 aarch64 is already using this version of the FVP. x86_64 was previously holding off because it significantly slowed down Linux boot in some cases. This has now been traced back to CRNG init shenanigans and has been solved (properly) by using virtio-rng to gather entrophy at boot. So let's get both arches in sync. Signed-off-by: Ryan Roberts --- docker/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/build.sh b/docker/build.sh index e239b1d..5148cee 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -38,7 +38,7 @@ if [ "${ARCH}" == "x86_64" ]; then TCH_PKG_NAME_AARCH32=arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi.tar.xz TCH_PATH_AARCH32=arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi/bin FVP_PKG_URL=https://developer.arm.com/-/media/Files/downloads/ecosystem-models - FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.18_16_Linux64.tgz + FVP_PKG_NAME=FVP_Base_RevC-2xAEMvA_11.20_15_Linux64.tgz FVP_MODEL_DIR=Base_RevC_AEMvA_pkg/models/Linux64_GCC-9.3 FVP_PLUGIN_DIR=Base_RevC_AEMvA_pkg/plugins/Linux64_GCC-9.3 elif [ "${ARCH}" == "aarch64" ]; then -- GitLab From 65e14f28636a0c34d8347abcf0a11a40f9d326b5 Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Thu, 23 Mar 2023 17:11:47 +0000 Subject: [PATCH 3/3] docker: Add library dependecies for kselftests Linux's kselftests has a bunch of compile-time library dependencies. Let's add them all to the "full" docker image so that configs using linux-base.yaml's `BUILD_KSELFTESTS=true` feature, are able to build everything. Note: with v6.3-rc1, there are still a few issues, but I think these are individual test issues rather than infrastructure or environment. Signed-off-by: Ryan Roberts --- docker/Dockerfile.full | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docker/Dockerfile.full b/docker/Dockerfile.full index bcbfe36..1a220ea 100644 --- a/docker/Dockerfile.full +++ b/docker/Dockerfile.full @@ -29,3 +29,30 @@ RUN cd /tools \ && cd - ENV TCH_PATH_AARCH32="/tools/${TCH_PATH_AARCH32}" ENV PATH="${TCH_PATH_AARCH32}:${PATH}" + +# Install packages required to compile Linux kselftests. We install the target +# versions for cross-compiling, and the native versions for good measure. +RUN dpkg --add-architecture arm64 \ + && apt-get update +RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ + libcap-dev \ + libcap-ng-dev \ + libelf-dev \ + libfuse-dev \ + libmnl-dev \ + libnuma-dev \ + libpopt-dev \ + libasound-dev \ + liburing-dev \ + libz-dev +RUN apt-get install --assume-yes --no-install-recommends --option=debug::pkgProblemResolver=yes \ + libcap-dev:arm64 \ + libcap-ng-dev:arm64 \ + libelf-dev:arm64 \ + libfuse-dev:arm64 \ + libmnl-dev:arm64 \ + libnuma-dev:arm64 \ + libpopt-dev:arm64 \ + libasound-dev:arm64 \ + liburing-dev:arm64 \ + libz-dev:arm64 -- GitLab