From d471745d1f9eb288676f82e05f4a10fa36f7a9f7 Mon Sep 17 00:00:00 2001 From: Sudeep Holla Date: Mon, 6 Jan 2025 16:13:52 +0000 Subject: [PATCH 1/2] docs: re-autogenerate cca-3world config store rst Commit 8c7a3cf83bfb ("configs/cca-3world: Fix documentation") updated some documentation in the cca-3world config file but missed to regenerate the config store rst file following that update. Signed-off-by: Sudeep Holla --- .../userguide/configstore/cca-3world.rst | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/documentation/userguide/configstore/cca-3world.rst b/documentation/userguide/configstore/cca-3world.rst index 2b73a32..2f5799c 100644 --- a/documentation/userguide/configstore/cca-3world.rst +++ b/documentation/userguide/configstore/cca-3world.rst @@ -65,8 +65,6 @@ Finally, once the host has booted, log in as "root" (no password), and launch a Be patient while this boots to the UEFI shell. Navigate to "Boot Manager", then "UEFI Shell" and wait for the startup.nsh script to execute, which will launch the kernel. Continue to be patient, and eventually you will land at a login prompt. Login as "root" (no password). -This config also builds kvm-unit-tests, which can be run in the realm instead of Linux. It is also possible to launch Linux without using EDK2 as the guest FW. - When the linux kernel 9p issue will be fixed, the shared directory approach can be used. Simply boot the host with the SHARE rtvar. This only works for DT-based environments though: .. code-block:: shell 
@@ -75,14 +73,30 @@ When the linux kernel 9p issue will be fixed, the shared directory approach can $ shrinkwrap run cca-3world.yaml --rtvar ROOTFS=rootfs.ext2 --rtvar SHARE=. -Then, once the host has booted, log in as "root" (no password) and mount the shared folder to "/cca" and change dir to it. The realmn guest can then be launched as previously: +Then, once the host has booted, log in as "root" (no password) and mount the shared folder to "/cca" and change dir to it. The realm guest can then be launched as previously: .. code-block:: shell # mkdir /cca # mount -t 9p -o trans=virtio,version=9p2000.L FM /cca # cd /cca - # ./lkvm run --realm --disable-sve --irqchip=gicv3-its --firmware KVMTOOL_EFI.fd -c 1 -m 512 --no-pvtime --force-pci --disk guest-disk.img --measurement-algo=sha256 + # ./lkvm run --realm --disable-sve --irqchip=gicv3-its --firmware KVMTOOL_EFI.fd -c 1 -m 512 --no-pvtime --force-pci --disk guest-disk.img --measurement-algo=sha256 --restricted_mem + + +It is also possible to launch Linux without using EDK2 as the guest FW: + +.. code-block:: shell + + # ./lkvm run --realm --disable-sve --irqchip=gicv3-its -c 1 -m 512 --no-pvtime --force-pci --console virtio --kernel Image --disk guest-disk.img -p "console=hvc0 root=/dev/vda2" --measurement-algo=sha256 --restricted_mem + + +This config also builds kvm-unit-tests, which can be run in the realm instead of Linux: + +.. code-block:: shell + + # cd /cca/kvm-unit-tests/arm + # export PATH=/cca:$PATH + # ./run-realm-tests Concrete ######## -- GitLab From 0ca0537d97f528dab10c74bf40889dd517a63e45 Mon Sep 17 00:00:00 2001 
From: Sudeep Holla Date: Mon, 6 Jan 2025 16:16:14 +0000 Subject: [PATCH 2/2] config: ffa-hafnium-optee: Use the optional 'image' field ffa-hafnium-optee configuration requires shrinkwraptool/base-full docker image similar to cca-4world configuration. This requirement is currently exposed on the command line by expecting as the user to specify the right image when invoking shrinkwrap. This seems unnecessary and error prone. Commit a502ce346f8c ("feature: add an optional 'image' field to config files.") added option to override the default docker image file used by specifying the optional 'image' field in the config file. Let us relax the command line expectation and set 'image' field to shrinkwraptool/base-full for the ffa-hafnium-optee configuration. Signed-off-by: Sudeep Holla --- config/ffa-hafnium-optee.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/ffa-hafnium-optee.yaml b/config/ffa-hafnium-optee.yaml index 33b9db1..af0ac85 100644 --- a/config/ffa-hafnium-optee.yaml +++ b/config/ffa-hafnium-optee.yaml @@ -10,6 +10,8 @@ description: >- (Secure Partition Manager Core) and OPTEE as a secure partition/VM in secure EL1 and Linux in Normal world. +image: shrinkwraptool/base-full + concrete: true layers: -- GitLab
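Review bot: In [PATCH 1/2], second hunk of cca-3world.rst, the relocated direct-kernel and kvm-unit-tests examples now sit after the 9p shared-directory steps, and the kvm-unit-tests block hard-codes `cd /cca/kvm-unit-tests/arm` and `export PATH=/cca:$PATH`. Both therefore read as depending on the SHARE rtvar flow, which the preceding text says only works once the 9p issue is fixed and only for DT-based environments. The removed sentences sat ahead of that caveat. If these commands are meant to work in the default flow too, the source text in the config should say where the binaries live in that case, or the original ordering should be kept before regenerating. Separately, `--restricted_mem` is the only long option on these lkvm lines spelled with an underscore (compare `--disable-sve`, `--no-pvtime`, `--force-pci`); please confirm that this matches the kvmtool this config builds. Since the text says the guest is launched "as previously", also confirm that the earlier invocation outside this hunk carries the same flag.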
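Review bot: In [PATCH 2/2], the added `image: shrinkwraptool/base-full` line in config/ffa-hafnium-optee.yaml names the image without a tag or digest, so which image is pulled depends on how the tool and the container runtime resolve a bare name. Please confirm this is the form the 'image' field expects and that it matches what cca-4world uses, and consider pinning a tag so builds of this config are reproducible. The commit message says users were previously expected to pass the image on the command line; if the `description:` text above this hunk or the generated configstore rst still carries that instruction, it should be updated and regenerated in the same patch, given that [PATCH 1/2] exists to fix exactly that kind of stale rst.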