diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff19eae..4359e32 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,5 +43,5 @@ jobs: run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make hypervisor - name: build firmware run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make firmware - - name: build cvms - run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make cvms + - name: build confidential_vms + run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make confidential_vms diff --git a/.gitignore b/.gitignore index a7204c2..ec37d17 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,8 @@ target/* security-monitor/target configurations/overlay/root/harness/baremetal +confidential-vms/linux_vm/configurations/package_override.dev +hypervisor/configurations/package_override.dev # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html @@ -15,7 +17,6 @@ Cargo.lock # These are backup files generated by rustfmt **/*.rs.bk - # skip kernel modules *.ko diff --git a/.gitmodules b/.gitmodules index 394397f..922dd6a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ -[submodule "hypervisor/linux"] - path = hypervisor/linux - url = https://github.com/torvalds/linux.git [submodule "hypervisor/buildroot"] path = hypervisor/buildroot url = https://github.com/buildroot/buildroot.git diff --git a/Makefile b/Makefile index 0ec7fcc..3a6f079 100644 --- a/Makefile +++ b/Makefile 
@@ -6,24 +6,31 @@ MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) export ACE_DIR ?= $(MAKEFILE_SOURCE_DIR)/build/ +# QEMU export QEMU_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/qemu/ export QEMU_WORK_DIR ?= $(ACE_DIR)/qemu/ export QEMU_RISCV_WORK_DIR ?= $(ACE_DIR)/qemu-riscv/ +# Riscv toolchain export RISCV_GNU_TOOLCHAIN_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/riscv-gnu-toolchain/ export RISCV_GNU_TOOLCHAIN_WORK_DIR ?= $(ACE_DIR)/riscv-gnu-toolchain/ -export CVMS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/confidential-vms -export OVERLAY_ROOT_DIR ?= $(ACE_DIR)/overlay/root -export LINUX_IMAGE ?= $(ACE_DIR)/linux/arch/riscv/boot/Image +# Confidential VMs +export CONFIDENTIAL_VMS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/confidential-vms +# Hypervisor +export HYPERVISOR_WORK_DIR ?= $(ACE_DIR)/hypervisor/ +export HYPERVISOR_OVERLAY_DIR ?= $(HYPERVISOR_WORK_DIR)/overlay +export HYPERVISOR_OVERLAY_ROOT_DIR ?= $(HYPERVISOR_OVERLAY_DIR)/root +export LINUX_IMAGE ?= $(HYPERVISOR_WORK_DIR)/buildroot/images/Image +# Tools export TOOLS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/tools export TOOLS_WORK_DIR ?= $(ACE_DIR)/tools -export CROSS_COMPILE ?= riscv64-unknown-linux-gnu- +export CROSS_COMPILE ?= riscv64-unknown-linux-gnu- export PLATFORM_RISCV_XLEN = 64 export PLATFORM_RISCV_ISA = rv64gc export PLATFORM_RISCV_ABI = lp64d export PATH := $(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH) -all: emulator tools firmware cvms +all: emulator tools firmware confidential_vms setup: echo $(ACE_DIR) 
@@ -42,12 +49,19 @@ devtools: setup hypervisor: setup devtools PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor -new_patches: - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor new_patches +confidential_vms: setup devtools hypervisor + BIN_DIR="$(OVERLAY_ROOT_DIR)/" RELEASE="" $(MAKE) -C $(CONFIDENTIAL_VMS_SOURCE_DIR)/baremetal/ ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C $(CONFIDENTIAL_VMS_SOURCE_DIR)/linux_vm/ buildroot ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C $(CONFIDENTIAL_VMS_SOURCE_DIR)/linux_vm/ overlay ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor rootfs; + +hypervisor_dev: + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor dev -cvms: setup devtools hypervisor - BIN_DIR="$(OVERLAY_ROOT_DIR)/" $(MAKE) -C $(CVMS_SOURCE_DIR)/baremetal/ debug ; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor overlay rootfs; +dev: + $(MAKE) -C $(CONFIDENTIAL_VMS_SOURCE_DIR)/linux_vm/ dev ;\ + $(MAKE) -C $(CONFIDENTIAL_VMS_SOURCE_DIR)/linux_vm/ overlay ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) $(MAKE) -C hypervisor rootfs; firmware: setup devtools hypervisor PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" ACE_DIR=$(ACE_DIR) LINUX_IMAGE=$(LINUX_IMAGE) CROSS_COMPILE=$(CROSS_COMPILE) PLATFORM_RISCV_XLEN=$(PLATFORM_RISCV_XLEN) PLATFORM_RISCV_ISA=$(PLATFORM_RISCV_ISA) PLATFORM_RISCV_ABI=$(PLATFORM_RISCV_ABI) $(MAKE) -C security-monitor opensbi diff --git a/README.md b/README.md index 36e3eee..d2729d0 100644 --- a/README.md +++ b/README.md 
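Review bot: The `confidential_vms` recipe still passes `BIN_DIR="$(OVERLAY_ROOT_DIR)/"`, but the first Makefile hunk removes the `OVERLAY_ROOT_DIR` export in favour of `HYPERVISOR_OVERLAY_ROOT_DIR`. Unless it is defined elsewhere in the file or in the environment, the value expands to `BIN_DIR="/"`. The visible part of the baremetal Makefile in this commit no longer reads `BIN_DIR`, so either drop the assignment or point it at `$(HYPERVISOR_OVERLAY_ROOT_DIR)`. The sub-makes in this recipe and in `dev` are joined with `;\`, so a failed baremetal or buildroot step does not stop the recipe, and `$(MAKE) -C hypervisor rootfs` can then package stale artifacts into the image. Joining the steps with `&& \` makes the first failure abort the build, which matters more because CI runs with `--silent`.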
@@ -7,7 +7,8 @@ ACE-RISCV is an open-source project, whose goal is to deliver a confidential com **This is an active research project, without warranties of any kind.** Please read our [paper](https://dl.acm.org/doi/pdf/10.1145/3623652.3623668) to learn about our approach and goals. -We are currently building on RISC-V with hypervisor extentions. We will adapt the AP-TEE extension once it is ratified. +## Hardware requirements +We are currently building on RISC-V with hypervisor extentions, physical memory protection (PMP), IOPMP, and supervisor timecmp extension (Sstc). We plan to adapt some of the RISC-V confidential computing extensions, such as [the CoVE extension](https://github.com/riscv-non-isa/riscv-ap-tee/blob/main/specification/riscv-cove.pdf) and [the Smmtt extension](https://github.com/riscv/riscv-smmtt). ## Quick Start Follow instructions to run a sample [confidential workload](harness/baremetal) under an [untrusted Linux-based hypervisor](hypervisor/) in an [emulated RISC-V environment](qemu/). @@ -90,6 +91,11 @@ Build the firmware that will boot the system and the security monitor (SM) make firmware ``` +Build test confidential VMs +``` +make confidential_vms +``` + Build the RISC-V emulator and tools that will simplify running the test environment ``` make emulator @@ -111,9 +117,14 @@ You should see the output from the boot process and a promt to login to the hype # login: root, password: passwd ``` -To run the sample confidential VM execute: +To run the sample `baremetal` confidential VM execute: +``` +./run_baremetal.sh +``` + +To run the sample Linux kernel confidential VM execute: ``` -./run.sh +./run_linux_vm.sh ``` # License diff --git a/confidential-vms/README.md b/confidential-vms/README.md index 23f7268..7bd6f31 100644 --- a/confidential-vms/README.md +++ b/confidential-vms/README.md 
@@ -2,4 +2,7 @@ This folder contains sample confidential VMs. A confidential VM is a workload that executes confidentially on the ACE infrastructure. The hypervisor, virtual machines, other confidential VMs, untrusted peripherial devices are considered untrusted. ## Baremetal CVM -A baremetal CVM is a minimal proof of concept VM that leverages ACE to run confidentially. It is a bare metal application running in virtual supervisor mode that tests presence of certain hypercalls and virtIO. \ No newline at end of file +A baremetal confidenital VM is a minimal proof of concept VM that leverages ACE to run confidentially. It is a bare metal application running in virtual supervisor mode that tests presence of certain hypercalls and virtIO. + +## Linux VM +It is a proof of concept that linux-based VMs can execute in a trusted execution environment (TEE) provided by ACE. \ No newline at end of file diff --git a/confidential-vms/baremetal/Cargo.toml b/confidential-vms/baremetal/Cargo.toml index 7597713..111d2f4 100644 --- a/confidential-vms/baremetal/Cargo.toml +++ b/confidential-vms/baremetal/Cargo.toml @@ -17,4 +17,4 @@ buddy_system_allocator = "0.9.0" sbi = "0.2.0" # provides macros that help removing boilerplate code in rust error handling -thiserror-no-std = "2.0" +thiserror-no-std = "2.0" \ No newline at end of file diff --git a/confidential-vms/baremetal/Makefile b/confidential-vms/baremetal/Makefile index 7f3163d..75ef351 100644 --- a/confidential-vms/baremetal/Makefile +++ b/confidential-vms/baremetal/Makefile 
@@ -1,29 +1,39 @@ -CARGO = cargo -RELEASE = --release -CHAIN=riscv64gc-unknown-none-elf -TARGET = --target=$(CHAIN) -RUSTFLAGS = -Clink-arg=-Tsrc/platform/virt.lds -Crelocation-model=pie #-Ccode-model=medium -EXEC_NAME = baremetal -MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) -MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) - -ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)target/) -BIN_DIR := $(if $(BIN_DIR),$(BIN_DIR),$(ACE_DIR)/harness/baremetal/) -TARGET_DIR := $(ACE_DIR)/harness/baremetal/ - -all: build +#!/usr/bin/env bash +# SPDX-FileCopyrightText: 2023 IBM Corporation +# SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich +# SPDX-License-Identifier: Apache-2.0 +CARGO = cargo +RELEASE ?= --release +CHAIN = riscv64gc-unknown-none-elf +TARGET = --target=$(CHAIN) +RUSTFLAGS = -Clink-arg=-Tsrc/platform/virt.lds -Crelocation-model=pie #-Ccode-model=medium +EXEC_NAME = baremetal + +ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../../build/) +# +MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) +MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) +# +CONFIDENTIAL_VMS_WORK_DIR := $(ACE_DIR)/confidential_vms/ +CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR := $(CONFIDENTIAL_VMS_WORK_DIR)/baremetal/ +# +HYPERVISOR_OVERLAY_DIR ?= $(ACE_DIR)/hypervisor/overlay +HYPERVISOR_OVERLAY_ROOT_DIR ?= $(HYPERVISOR_OVERLAY_DIR)/root +HYPERVISOR_OVERLAY_BAREMETAL_DIR ?= $(HYPERVISOR_OVERLAY_ROOT_DIR)/baremetal +CONFIDENTIAL_VMS_BAREMETAL_ROOTFS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/rootfs + +all: overlay build: fmt - @mkdir -p $(TARGET_DIR) - @mkdir -p $(BIN_DIR) - @RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(TARGET_DIR) INSTALL_DIR=$(ACE_DIR) $(CARGO) build $(RELEASE) $(TARGET) - @cp $(TARGET_DIR)/$(CHAIN)/release/$(EXEC_NAME) $(BIN_DIR)/ - -debug: - @mkdir -p $(TARGET_DIR) - @mkdir -p $(BIN_DIR) - @RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(TARGET_DIR) INSTALL_DIR=$(ACE_DIR) $(CARGO) build 
$(TARGET) - @cp $(TARGET_DIR)/$(CHAIN)/debug/$(EXEC_NAME) $(BIN_DIR)/ + @mkdir -p $(CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR) + @RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR) INSTALL_DIR=$(HYPERVISOR_OVERLAY_BAREMETAL_DIR) $(CARGO) build $(RELEASE) $(TARGET) + +overlay: build + mkdir -p $(HYPERVISOR_OVERLAY_ROOT_DIR) ;\ + mkdir -p $(HYPERVISOR_OVERLAY_BAREMETAL_DIR) ;\ + cp $(CONFIDENTIAL_VMS_BAREMETAL_ROOTFS_SOURCE_DIR)/*.sh $(HYPERVISOR_OVERLAY_ROOT_DIR)/ ;\ + cp $(CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR)/$(CHAIN)/release/$(EXEC_NAME) $(HYPERVISOR_OVERLAY_BAREMETAL_DIR)/ ;\ + cp $(CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR)/$(CHAIN)/debug/$(EXEC_NAME) $(HYPERVISOR_OVERLAY_BAREMETAL_DIR)/ doc: @$(CARGO) doc diff --git a/hypervisor/rootfs/run.sh b/confidential-vms/baremetal/rootfs/run_baremetal.sh similarity index 85% rename from hypervisor/rootfs/run.sh rename to confidential-vms/baremetal/rootfs/run_baremetal.sh index 2b79b1a..e49914c 100755 --- a/hypervisor/rootfs/run.sh +++ b/confidential-vms/baremetal/rootfs/run_baremetal.sh @@ -6,4 +6,4 @@ # this script is used for the development process to run the VM/confidential VM . common.sh -run_baremetal \ No newline at end of file +run_confidential_vm "baremetal/baremetal" 2 128M \ No newline at end of file diff --git a/hypervisor/rootfs/test_esm.sh b/confidential-vms/baremetal/rootfs/test_esm.sh similarity index 74% rename from hypervisor/rootfs/test_esm.sh rename to confidential-vms/baremetal/rootfs/test_esm.sh index 60f5474..834ec7a 100755 --- a/hypervisor/rootfs/test_esm.sh +++ b/confidential-vms/baremetal/rootfs/test_esm.sh @@ -5,9 +5,9 @@ . common.sh -run_baremetal -sleep 15 # wait for the test to finish -kill_baremetal +run_confidential_vm "baremetal/baremetal" 2 128M +sleep 25 # wait for the test to finish +kill_confidential_vm result="$(grep 'Hello IBM from confidential VM' guest.log | wc -l)" if [[ "$result" -ne 1 ]]; then 
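Review bot: The new `overlay` recipe copies both `$(CHAIN)/release/$(EXEC_NAME)` and `$(CHAIN)/debug/$(EXEC_NAME)` to the same destination, so the debug binary wins whenever one exists in the work directory, even a stale one from an earlier build, and a release-only build ends on a failing `cp`. Because the steps are joined with `;\`, earlier failures are ignored and only the last `cp` decides the exit status. Copying just the profile that was built, e.g. `cp $(CONFIDENTIAL_VMS_BAREMETAL_WORK_DIR)/$(CHAIN)/$(if $(RELEASE),release,debug)/$(EXEC_NAME) $(HYPERVISOR_OVERLAY_BAREMETAL_DIR)/` with `&&` between the steps, keeps the overlay tied to the current build. Separately, `ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../../build/)` is now evaluated before `MAKEFILE_SOURCE_DIR` is assigned, so unless that variable is inherited the fallback becomes a cwd-relative `../../build/`; move it below the two `MAKEFILE_*` assignments.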
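Review bot: The verdict depends on a fixed `sleep 25` before `kill_confidential_vm`, so a slow host or CI runner fails the test while a fast one waits needlessly; the raise from 15 suggests the margin was already tight. Polling the log up to a deadline is steadier, e.g. `for i in $(seq 1 60); do grep -q 'Hello IBM from confidential VM' guest.log && break; sleep 1; done` ahead of `kill_confidential_vm`, assuming `seq` is available in the guest rootfs. The script continues past the end of the hunk, so the failure branch is not visible here.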
diff --git a/confidential-vms/baremetal/src/calls/mod.rs b/confidential-vms/baremetal/src/calls/mod.rs index 3af181b..e3496ee 100644 --- a/confidential-vms/baremetal/src/calls/mod.rs +++ b/confidential-vms/baremetal/src/calls/mod.rs @@ -7,15 +7,7 @@ use core::arch::asm; pub mod ace; pub mod sm; -fn ecall( - extid: usize, - fid: usize, - a0: usize, - a1: usize, - a2: usize, - a3: usize, - a4: usize, -) -> Result { +fn ecall(extid: usize, fid: usize, a0: usize, a1: usize, a2: usize, a3: usize, a4: usize) -> Result { let (mut error, mut value); unsafe { asm!("ecall", in("a0") a0, in("a1") a1, in("a2") a2, in("a3") a3, in("a4") a4, in("a6") fid, in("a7") extid, lateout("a0") error, lateout("a1") value) diff --git a/confidential-vms/baremetal/src/calls/sm.rs b/confidential-vms/baremetal/src/calls/sm.rs index 87587f5..0b47814 100644 --- a/confidential-vms/baremetal/src/calls/sm.rs +++ b/confidential-vms/baremetal/src/calls/sm.rs @@ -13,14 +13,5 @@ pub fn esm() -> Result { } pub fn share_page(paddr: usize, number_of_pages: usize) -> Result { - super::ecall( - ACE_EXTID, - ACE_SHARE_PAGE_FID, - paddr, - number_of_pages, - 0, - 0, - 0, - ) - .map_err(|_| Error::SharePageError()) + super::ecall(ACE_EXTID, ACE_SHARE_PAGE_FID, paddr, number_of_pages, 0, 0, 0).map_err(|_| Error::SharePageError()) } diff --git a/confidential-vms/baremetal/src/hal.rs b/confidential-vms/baremetal/src/hal.rs index 091e329..b419453 100644 --- a/confidential-vms/baremetal/src/hal.rs +++ b/confidential-vms/baremetal/src/hal.rs @@ -1,9 +1,9 @@ // SPDX-FileCopyrightText: 2023 IBM Corporation // SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich // SPDX-License-Identifier: Apache-2.0 -use core::{ptr::NonNull, sync::atomic::Ordering}; -use virtio_drivers::PAGE_SIZE; -use virtio_drivers::{BufferDirection, Hal, PhysAddr}; +use core::ptr::NonNull; +use core::sync::atomic::Ordering; +use virtio_drivers::{BufferDirection, Hal, PhysAddr, PAGE_SIZE}; pub struct ScratchPage { pub base_paddr: usize, 
@@ -60,12 +60,7 @@ unsafe impl Hal for HalSvmImpl { .and_then(|sp| { let position = sp.position; let paddr = sp.base_paddr + position; - sp.translations.push(BufferTranslation { - vaddr, - paddr, - position, - len: buffer.len(), - }); + sp.translations.push(BufferTranslation { vaddr, paddr, position, len: buffer.len() }); for i in 0..buffer.len() { let input_ptr = (vaddr + i) as *mut u8; let output_ptr = (sp.base_paddr + sp.position) as *mut u8; diff --git a/confidential-vms/baremetal/src/macros.rs b/confidential-vms/baremetal/src/macros.rs index 216185b..8b53895 100644 --- a/confidential-vms/baremetal/src/macros.rs +++ b/confidential-vms/baremetal/src/macros.rs @@ -28,12 +28,7 @@ macro_rules! println fn panic(info: &core::panic::PanicInfo) -> ! { print!("Aborting: "); if let Some(p) = info.location() { - println!( - "line {}, file {}: {}", - p.line(), - p.file(), - info.message().unwrap() - ); + println!("line {}, file {}: {}", p.line(), p.file(), info.message().unwrap()); } else { println!("no information available."); } diff --git a/confidential-vms/baremetal/src/main.rs b/confidential-vms/baremetal/src/main.rs index 69bf1b8..7935d73 100644 --- a/confidential-vms/baremetal/src/main.rs +++ b/confidential-vms/baremetal/src/main.rs @@ -21,8 +21,8 @@ mod macros; mod calls; mod error; mod hal; -mod trap; mod sync; +mod trap; mod virtio; mod worker; @@ -144,8 +144,7 @@ fn test_virtio(fdt_paddr: usize) -> Result<(), Error> { let (input_paddr, output_paddr) = prepare_shared_memory()?; let input: &mut [u8] = unsafe { core::slice::from_raw_parts_mut(input_paddr as *mut u8, 512) }; - let mut output: &mut [u8] = - unsafe { core::slice::from_raw_parts_mut(output_paddr as *mut u8, 512) }; + let mut output: &mut [u8] = unsafe { core::slice::from_raw_parts_mut(output_paddr as *mut u8, 512) }; for x in input.iter_mut() { *x = 'I' as u8; } 
@@ -169,22 +168,10 @@ fn test_virtio(fdt_paddr: usize) -> Result<(), Error> { fn init_memory(uart: &mut Uart) { unsafe { - HEAP_ALLOCATOR - .lock() - .init(_heap_start as usize, _heap_size as usize); - uart.println(&format!( - "Stack 0x{:x}-0x{:x}", - _stack_start as usize, _stack_end as usize - )); - uart.println(&format!( - "DMA 0x{:x}-0x{:x}", - _dma_start as usize, _dma_end as usize - )); - uart.println(&format!( - "Heap 0x{:x}-0x{:x}", - _heap_start as usize, - _heap_start as usize + _heap_size as usize - )); + HEAP_ALLOCATOR.lock().init(_heap_start as usize, _heap_size as usize); + uart.println(&format!("Stack 0x{:x}-0x{:x}", _stack_start as usize, _stack_end as usize)); + uart.println(&format!("DMA 0x{:x}-0x{:x}", _dma_start as usize, _dma_end as usize)); + uart.println(&format!("Heap 0x{:x}-0x{:x}", _heap_start as usize, _heap_start as usize + _heap_size as usize)); let dma_start = (_dma_start as usize + 4096 - 1) & !(4096 - 1); crate::DMA_PADDR = Some(AtomicUsize::new(dma_start)); } @@ -202,10 +189,7 @@ fn prepare_shared_memory() -> Result<(usize, usize), Error> { let pages_to_allocate = 3; let paddr = unsafe { if let Some(v) = &crate::DMA_PADDR { - v.fetch_add( - virtio_drivers::PAGE_SIZE * pages_to_allocate, - core::sync::atomic::Ordering::SeqCst, - ) + v.fetch_add(virtio_drivers::PAGE_SIZE * pages_to_allocate, core::sync::atomic::Ordering::SeqCst) } else { return Err(Error::DmaNotInitialized()); } @@ -218,14 +202,9 @@ fn prepare_shared_memory() -> Result<(usize, usize), Error> { let scratch_paddr = paddr + 2 * 4096; unsafe { - crate::SCRATCH_PAGE = Some(crate::hal::ScratchPage { - base_paddr: scratch_paddr, - position: 0, - translations: alloc::vec![], - }); + crate::SCRATCH_PAGE = + Some(crate::hal::ScratchPage { base_paddr: scratch_paddr, position: 0, translations: alloc::vec![] }); } Ok((input_paddr, output_paddr)) } - - diff --git a/confidential-vms/baremetal/src/sync.rs b/confidential-vms/baremetal/src/sync.rs index dda6070..7585fba 100644 
--- a/confidential-vms/baremetal/src/sync.rs +++ b/confidential-vms/baremetal/src/sync.rs @@ -1,14 +1,14 @@ extern "C" { - fn _acquire(address: usize); - fn _release(address: usize); + fn _acquire(address: usize); + fn _release(address: usize); } pub static UART_SYNC_ADDRESS: usize = 0x8009D000; pub fn acquire(address: usize) { - unsafe { _acquire(address) }; + unsafe { _acquire(address) }; } pub fn release(address: usize) { - unsafe { _release(address) }; -} \ No newline at end of file + unsafe { _release(address) }; +} diff --git a/confidential-vms/baremetal/src/trap.rs b/confidential-vms/baremetal/src/trap.rs index b25bc60..4cfd396 100644 --- a/confidential-vms/baremetal/src/trap.rs +++ b/confidential-vms/baremetal/src/trap.rs @@ -12,26 +12,19 @@ pub struct TrapFrame { impl TrapFrame { pub const fn zero() -> Self { - TrapFrame { - regs: [0; 32], - trap_stack: null_mut(), - } + TrapFrame { regs: [0; 32], trap_stack: null_mut() } } } #[no_mangle] -extern "C" fn trap_handler( - sepc: usize, - stval: usize, - scause: usize, -) -> usize { +extern "C" fn trap_handler(sepc: usize, stval: usize, scause: usize) -> usize { let is_async = (scause >> 63 & 1) == 1; let cause_num = scause & 0xfff; let mut return_pc = sepc; if is_async { // println!("Supervisor software interrupt!"); // match cause_num { - // _ => panic!("Unhandled interrupt -> {}\n", cause_num), + // _ => panic!("Unhandled interrupt -> {}\n", cause_num), // } } else { // match cause_num { diff --git a/confidential-vms/baremetal/src/uart.rs b/confidential-vms/baremetal/src/uart.rs index f55db2d..8047df7 100644 --- a/confidential-vms/baremetal/src/uart.rs +++ b/confidential-vms/baremetal/src/uart.rs @@ -2,8 +2,7 @@ // SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich // SPDX-License-Identifier: Apache-2.0 use core::convert::TryInto; -use core::fmt::Error; -use core::fmt::Write; +use core::fmt::{Error, Write}; pub struct Uart { base_address: usize, 
diff --git a/confidential-vms/baremetal/src/virtio.rs b/confidential-vms/baremetal/src/virtio.rs index 30fddd8..cb48803 100644 --- a/confidential-vms/baremetal/src/virtio.rs +++ b/confidential-vms/baremetal/src/virtio.rs @@ -6,15 +6,12 @@ use core::ptr::NonNull; use fdt::node::FdtNode; use fdt::Fdt; use virtio_drivers::device::blk::VirtIOBlk; -use virtio_drivers::transport::mmio::VirtIOHeader; -use virtio_drivers::transport::{mmio::MmioTransport, DeviceType, Transport}; +use virtio_drivers::transport::mmio::{MmioTransport, VirtIOHeader}; +use virtio_drivers::transport::{DeviceType, Transport}; pub fn get_block_device(dtb: usize) -> Option> { let transport = get_transport(dtb).expect("blk device not found"); - Some( - VirtIOBlk::::new(transport) - .expect("failed to create blk driver"), - ) + Some(VirtIOBlk::::new(transport).expect("failed to create blk driver")) } pub fn get_transport(dtb: usize) -> Option { diff --git a/confidential-vms/baremetal/src/worker.rs b/confidential-vms/baremetal/src/worker.rs index 0500708..72f49a0 100644 --- a/confidential-vms/baremetal/src/worker.rs +++ b/confidential-vms/baremetal/src/worker.rs @@ -1,11 +1,7 @@ // SPDX-FileCopyrightText: 2023 IBM Corporation // SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich // SPDX-License-Identifier: Apache-2.0 -use crate::Uart; -use crate::UART_BASE_ADDRESS; -use crate::trap_handler_asm; -use crate::trap; -use crate::format; +use crate::{format, trap, trap_handler_asm, Uart, UART_BASE_ADDRESS}; #[no_mangle] extern "C" fn worker_init(hart_id: usize) { 
@@ -16,7 +12,7 @@ extern "C" fn worker_init(hart_id: usize) { uart.println(&format!("trap handler address: {:x}", trap_handler_asm_address)); unsafe { - // set the address of the trap handler + // set the address of the trap handler riscv::register::stvec::write(trap_handler_asm_address, riscv::register::mtvec::TrapMode::Direct); // store the address of the trap frame let trap_frame_address: usize = (&mut crate::TRAP_FRAME[hart_id][0] as *mut trap::TrapFrame) as usize; @@ -28,9 +24,6 @@ extern "C" fn worker_init(hart_id: usize) { riscv::register::sstatus::set_sie(); } - sbi::system_reset::system_reset( - sbi::system_reset::ResetType::Shutdown, - sbi::system_reset::ResetReason::NoReason, - ) - .expect("system reset failed"); -} + sbi::system_reset::system_reset(sbi::system_reset::ResetType::Shutdown, sbi::system_reset::ResetReason::NoReason) + .expect("system reset failed"); +} diff --git a/confidential-vms/linux_vm/Makefile b/confidential-vms/linux_vm/Makefile new file mode 100644 index 0000000..f46d6e2 --- /dev/null +++ b/confidential-vms/linux_vm/Makefile 
@@ -0,0 +1,75 @@ +#!/usr/bin/env bash +# SPDX-FileCopyrightText: 2023 IBM Corporation +# SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich +# SPDX-License-Identifier: Apache-2.0 +MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) +MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) +ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../build/) + +CONFIDENTIAL_VMS_WORK_DIR ?= $(ACE_DIR)/confidential_vms/ +CONFIDENTIAL_VMS_LINUX_WORK_DIR ?= $(CONFIDENTIAL_VMS_WORK_DIR)/linux_vm/ +CONFIDENTIAL_VMS_LINUX_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR) + +LINUX_VM_ROOTFS_SOURCE_DIR ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/rootfs +LINUX_VM_BUILDROOT_SOURCE_DIR ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/../../hypervisor/buildroot +LINUX_VM_BUILDROOT_WORK_DIR ?= $(CONFIDENTIAL_VMS_LINUX_WORK_DIR)/buildroot +LINUX_VM_BUILDROOT_ROOTFS ?= $(LINUX_VM_BUILDROOT_WORK_DIR)/images/rootfs.ext2 +LINUX_VM_BUILDROOT_ROOTFS_SIZE ?= "1G" +LINUX_VM_IMAGE ?= $(LINUX_VM_BUILDROOT_WORK_DIR)/images/Image +LINUX_VM_KERNEL_CONFIG ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/configurations/linux64-defconfig +LINUX_VM_BUILDROOT_CONFIG ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/configurations/qemu_riscv64_virt_defconfig +LINUX_VM_BUILDROOT_OVERRIDE_DIR ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/configurations/package_override.dev +LINUX_VM_PATCHES_DIR ?= $(CONFIDENTIAL_VMS_LINUX_SOURCE_DIR)/patches/linux/6.3-rc5 +# overlays +HYPERVISOR_OVERLAY_DIR ?= $(ACE_DIR)/hypervisor/overlay/ +HYPERVISOR_OVERLAY_ROOT_DIR ?= $(HYPERVISOR_OVERLAY_DIR)/root/ +HYPERVISOR_OVERLAY_LINUX_VM_DIR ?= $(HYPERVISOR_OVERLAY_ROOT_DIR)/linux_vm/ + +RISCV_GNU_TOOLCHAIN_WORK_DIR ?= $(ACE_DIR)/riscv-gnu-toolchain/ +export PATH := $(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH) + +CROSS_COMPILE ?= riscv64-unknown-linux-gnu- + +all: buildroot + +setup: + @mkdir -p $(ACE_DIR) + +buildroot: setup + if [ ! 
-f "${LINUX_VM_BUILDROOT_ROOTFS}" ]; then \ + echo "Building buildroot"; \ + rm -rf $(LINUX_VM_BUILDROOT_WORK_DIR); \ + mkdir -p $(LINUX_VM_BUILDROOT_WORK_DIR); \ + mkdir -p $(HYPERVISOR_OVERLAY_ROOT_DIR); \ + mkdir -p $(HYPERVISOR_OVERLAY_DIR); \ + cp $(LINUX_VM_BUILDROOT_CONFIG) $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_ROOTFS_OVERLAY=.*@BR2_ROOTFS_OVERLAY=\"$(HYPERVISOR_OVERLAY_DIR)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_TARGET_ROOTFS_EXT2_SIZE=.*@BR2_TARGET_ROOTFS_EXT2_SIZE=\"$(LINUX_VM_BUILDROOT_ROOTFS_SIZE)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=.*@BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=\"$(LINUX_VM_KERNEL_CONFIG)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_LINUX_KERNEL_PATCH=.*@BR2_LINUX_KERNEL_PATCH=\"$(LINUX_VM_PATCHES_DIR)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(LINUX_VM_BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(LINUX_VM_BUILDROOT_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) BR2_JLEVEL=0 olddefconfig; \ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(LINUX_VM_BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(LINUX_VM_BUILDROOT_WORK_DIR) BR2_JLEVEL=0; \ + fi + +dev: + echo "Rebuilding buildroot"; \ + cp $(LINUX_VM_BUILDROOT_CONFIG) $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_ROOTFS_OVERLAY=.*@BR2_ROOTFS_OVERLAY=\"$(HYPERVISOR_OVERLAY_DIR)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_TARGET_ROOTFS_EXT2_SIZE=.*@BR2_TARGET_ROOTFS_EXT2_SIZE=\"$(LINUX_VM_BUILDROOT_ROOTFS_SIZE)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=.*@BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=\"$(LINUX_VM_KERNEL_CONFIG)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed 
"s@^BR2_LINUX_KERNEL_PATCH=.*@BR2_LINUX_KERNEL_PATCH=\"$(LINUX_VM_PATCHES_DIR)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_PACKAGE_OVERRIDE_FILE=.*@BR2_PACKAGE_OVERRIDE_FILE=\"$(LINUX_VM_BUILDROOT_OVERRIDE_DIR)\"@g" -i $(LINUX_VM_BUILDROOT_WORK_DIR)/.config; \ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(LINUX_VM_BUILDROOT_SOURCE_DIR) RISCV=$(RISCV) PATH=$(PATH) O=$(LINUX_VM_BUILDROOT_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) BR2_JLEVEL=0 linux-rebuild all + +overlay: setup + mkdir -p $(HYPERVISOR_OVERLAY_ROOT_DIR) ;\ + cp $(LINUX_VM_ROOTFS_SOURCE_DIR)/*.sh $(HYPERVISOR_OVERLAY_ROOT_DIR)/ ;\ + rm -rf $(HYPERVISOR_OVERLAY_LINUX_VM_DIR) ;\ + mkdir -p $(HYPERVISOR_OVERLAY_LINUX_VM_DIR) ;\ + cp -r $(LINUX_VM_IMAGE) $(HYPERVISOR_OVERLAY_LINUX_VM_DIR)/ ;\ + cp -r $(LINUX_VM_BUILDROOT_ROOTFS) $(HYPERVISOR_OVERLAY_LINUX_VM_DIR) + +clean: + rm -rf $(ACE_DIR) + +.PHONY: all buildroot linux clean overlay rootfs diff --git a/confidential-vms/linux_vm/configurations/linux64-defconfig b/confidential-vms/linux_vm/configurations/linux64-defconfig new file mode 100644 index 0000000..11233aa --- /dev/null +++ b/confidential-vms/linux_vm/configurations/linux64-defconfig 
@@ -0,0 +1,3162 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/riscv 5.4.0 Kernel Configuration +# + +# +# Compiler: riscv64-unknown-linux-gnu-gcc (GCC) 7.2.0 +# +CONFIG_ACE_GUEST=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_SWIOTLB=y + +CONFIG_HAVE_GCC_PLUGINS=n +CONFIG_GCC_PLUGINS=y + +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=70200 +CONFIG_CLANG_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y +CONFIG_IRQ_WORK=y +CONFIG_THREAD_INFO_IN_TASK=y + + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_HEADER_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_BUILD_SALT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_SPARSE_IRQ=y +# end of IRQ subsystem + +CONFIG_GENERIC_IRQ_MULTI_HANDLER=y +CONFIG_GENERIC_CLOCKEVENTS=y + + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ is not set +CONFIG_HIGH_RES_TIMERS=y +# end of Timers subsystem + +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_BSD_PROCESS_ACCT is not set +# CONFIG_TASKSTATS is not set +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +CONFIG_IKCONFIG=y 
+CONFIG_IKCONFIG_PROC=y +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=17 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_GENERIC_SCHED_CLOCK=y + +# +# Scheduler features +# +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +# CONFIG_MEMCG is not set +# CONFIG_BLK_CGROUP is not set +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +# CONFIG_CGROUP_PIDS is not set +# CONFIG_CGROUP_RDMA is not set +# CONFIG_CGROUP_FREEZER is not set +# CONFIG_CPUSETS is not set +# CONFIG_CGROUP_DEVICE is not set +# CONFIG_CGROUP_CPUACCT is not set +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +CONFIG_CHECKPOINT_RESTORE=y +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_BPF=y +CONFIG_EXPERT=y +CONFIG_MULTIUSER=y +# CONFIG_SGETMASK_SYSCALL is not set +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_HAVE_FUTEX_CMPXCHG=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_BPF_SYSCALL=y +# CONFIG_USERFAULTFD is not set +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel 
Performance Events And Counters +# +# CONFIG_PERF_EVENTS is not set +# end of Kernel Performance Events And Counters + +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_SLUB_DEBUG=y +CONFIG_COMPAT_BRK=y +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_64BIT=y +CONFIG_RISCV=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=18 +CONFIG_ARCH_MMAP_RND_BITS_MAX=24 +CONFIG_MMU=y +CONFIG_VIRTUALIZATION=n +CONFIG_RISCV_SBI=n +CONFIG_RISCV_SBI_V01=n +CONFIG_KVM=n +CONFIG_ZONE_DMA32=y +CONFIG_VA_BITS=39 +CONFIG_PA_BITS=56 +CONFIG_PAGE_OFFSET=0xffffffe000000000 +CONFIG_ARCH_FLATMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_SYS_SUPPORTS_HUGETLBFS=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_GENERIC_CSUM=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=3 + +# +# SoC selection +# +CONFIG_SOC_SIFIVE=y +# end of SoC selection + +# +# Platform type +# +# CONFIG_ARCH_RV32I is not set +CONFIG_ARCH_RV64I=y +# CONFIG_CMODEL_MEDLOW is not set +CONFIG_CMODEL_MEDANY=y +CONFIG_MODULE_SECTIONS=y +# CONFIG_MAXPHYSMEM_2GB is not set +CONFIG_MAXPHYSMEM_128GB=y +CONFIG_SMP=y +CONFIG_NR_CPUS=8 +CONFIG_TUNE_GENERIC=y +CONFIG_RISCV_ISA_C=y +CONFIG_FPU=y +# end of Platform type + +# +# Kernel features +# +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# end of Kernel features + +# +# Boot options +# +CONFIG_CMDLINE="" +# end of Boot options + +# +# Power management options +# +# CONFIG_PM is not set +# end of Power management options + +# +# General 
architecture-dependent options +# +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_CLK=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_CC_HAS_STACKPROTECTOR_NONE=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_ARCH_MMAP_RND_BITS=18 +CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT=y +CONFIG_CLONE_BACKWARDS=y +CONFIG_64BIT_TIME=y +# CONFIG_REFCOUNT_FULL is not set + +# +# GCOV-based kernel profiling +# +# end of GCOV-based kernel profiling + +CONFIG_PLUGIN_HOSTCC="g++" +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +CONFIG_MODULE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +# CONFIG_MODULE_COMPRESS is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_BLOCK=y +CONFIG_BLK_SCSI_REQUEST=y +CONFIG_BLK_DEV_BSG=y +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_CMDLINE_PARSER is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_SED_OPAL is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y 
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_HAS_MMIOWB=y +CONFIG_MMIOWB=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_ARCH_HAS_BINFMT_FLAT=y +# CONFIG_BINFMT_FLAT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_FLATMEM_MANUAL=y +# CONFIG_SPARSEMEM_MANUAL is not set +CONFIG_FLATMEM=y +CONFIG_FLAT_NODE_MEM_MAP=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PHYS_ADDR_T_64BIT=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +CONFIG_CMA=y +# CONFIG_CMA_DEBUG is not set +CONFIG_CMA_AREAS=7 +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_BENCHMARK is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +# end of Memory Management options + +CONFIG_NET=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +# CONFIG_XFRM_USER is not set +# CONFIG_NET_KEY is not set +# CONFIG_XDP_SOCKETS is not set +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +# CONFIG_IP_MULTIPLE_TABLES is not set +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_IP_MROUTE is not set +# CONFIG_SYN_COOKIES is not set 
+# CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TUNNEL=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +# CONFIG_INET6_AH is not set +# CONFIG_INET6_ESP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +# CONFIG_IPV6_TUNNEL is not set +# CONFIG_IPV6_MULTIPLE_TABLES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +# CONFIG_NETFILTER is not set +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +CONFIG_NETLINK_DIAG=y +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not 
set +# CONFIG_NET_NCSI is not set +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_XPS=y +# CONFIG_CGROUP_NET_PRIO is not set +# CONFIG_CGROUP_NET_CLASSID is not set +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_JIT is not set +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_FAILOVER=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCI_DOMAINS_GENERIC=y +CONFIG_PCIEPORTBUS=y +CONFIG_PCIEAER=y +# CONFIG_PCIEAER_INJECT is not set +# CONFIG_PCIE_ECRC is not set +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +# CONFIG_PCIE_BW is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_STUB is not set +CONFIG_PCI_ECAM=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI controller drivers +# + +# +# Cadence PCIe controllers support +# +# CONFIG_PCIE_CADENCE_HOST is not set +# end of Cadence PCIe 
controllers support + +# CONFIG_PCI_FTPCI100 is not set +CONFIG_PCI_HOST_COMMON=y +CONFIG_PCI_HOST_GENERIC=y +CONFIG_PCIE_XILINX=y + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_DEVICES=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +CONFIG_GENERIC_ARCH_TOPOLOGY=y +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MOXTET is not set +# end of Bus devices + +# CONFIG_CONNECTOR is not set +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +CONFIG_DTC=y +CONFIG_OF=y +# CONFIG_OF_UNITTEST is not set +CONFIG_OF_FLATTREE=y +CONFIG_OF_EARLY_FLATTREE=y +CONFIG_OF_KOBJ=y +CONFIG_OF_ADDRESS=y +CONFIG_OF_IRQ=y +CONFIG_OF_NET=y +CONFIG_OF_MDIO=y +CONFIG_OF_RESERVED_MEM=y +# CONFIG_OF_OVERLAY is not set +# CONFIG_PARPORT is not set +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +CONFIG_CDROM=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_DEV_UMEM is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +# 
CONFIG_BLK_DEV_NBD is not set +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_VIRTIO_BLK_SCSI is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_LATTICE_ECP3_CONFIG is not set +# CONFIG_SRAM is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_PVPANIC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_AT25 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_EEPROM_93XX46 is not set +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_SPI is not set +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set + +# +# Intel MIC & related support +# + +# +# Intel MIC Bus Driver +# + +# +# SCIF Bus Driver +# + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC 
Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# end of Intel MIC & related support + +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_HABANA_AI is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +CONFIG_SCSI_PROC_FS=y + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +CONFIG_BLK_DEV_SR=y +# CONFIG_BLK_DEV_SR_VENDOR is not set +# CONFIG_CHR_DEV_SG is not set +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +# CONFIG_SCSI_LOGGING is not set +# CONFIG_SCSI_SCAN_ASYNC is not set + +# +# SCSI Transports +# +# CONFIG_SCSI_SPI_ATTRS is not set +# CONFIG_SCSI_FC_ATTRS is not set +# CONFIG_SCSI_ISCSI_ATTRS is not set +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +# CONFIG_ISCSI_TCP is not set +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_SMARTPQI is not set +# 
CONFIG_SCSI_UFSHCD is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_FDOMAIN_PCI is not set +# CONFIG_SCSI_GDTH is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +CONFIG_SCSI_VIRTIO=y +# CONFIG_SCSI_DH is not set +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +CONFIG_SATA_MOBILE_LPM_POLICY=0 +CONFIG_SATA_AHCI_PLATFORM=y +# CONFIG_AHCI_CEVA is not set +# CONFIG_AHCI_QORIQ is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +# CONFIG_SATA_SIL24 is not set +CONFIG_ATA_SFF=y + +# +# SFF controllers with custom DMA interface +# +# CONFIG_PDC_ADMA is not set +# CONFIG_SATA_QSTOR is not set +# CONFIG_SATA_SX4 is not set +CONFIG_ATA_BMDMA=y + +# +# SATA SFF controllers with BMDMA +# +# CONFIG_ATA_PIIX is not set +# CONFIG_SATA_MV is not set +# CONFIG_SATA_NV is not set +# CONFIG_SATA_PROMISE is not set +# CONFIG_SATA_SIL is not set +# CONFIG_SATA_SIS is not set +# CONFIG_SATA_SVW is not set +# CONFIG_SATA_ULI is not set +# CONFIG_SATA_VIA is not set +# CONFIG_SATA_VITESSE is not set + +# +# PATA SFF controllers with BMDMA +# +# CONFIG_PATA_ALI is not set +# CONFIG_PATA_AMD is not set +# CONFIG_PATA_ARTOP is not set +# CONFIG_PATA_ATIIXP is not set +# CONFIG_PATA_ATP867X is not set +# CONFIG_PATA_CMD64X is not set +# CONFIG_PATA_CYPRESS is not set +# CONFIG_PATA_EFAR is 
not set +# CONFIG_PATA_HPT366 is not set +# CONFIG_PATA_HPT37X is not set +# CONFIG_PATA_HPT3X2N is not set +# CONFIG_PATA_HPT3X3 is not set +# CONFIG_PATA_IT8213 is not set +# CONFIG_PATA_IT821X is not set +# CONFIG_PATA_JMICRON is not set +# CONFIG_PATA_MARVELL is not set +# CONFIG_PATA_NETCELL is not set +# CONFIG_PATA_NINJA32 is not set +# CONFIG_PATA_NS87415 is not set +# CONFIG_PATA_OLDPIIX is not set +# CONFIG_PATA_OPTIDMA is not set +# CONFIG_PATA_PDC2027X is not set +# CONFIG_PATA_PDC_OLD is not set +# CONFIG_PATA_RADISYS is not set +# CONFIG_PATA_RDC is not set +# CONFIG_PATA_SCH is not set +# CONFIG_PATA_SERVERWORKS is not set +# CONFIG_PATA_SIL680 is not set +# CONFIG_PATA_SIS is not set +# CONFIG_PATA_TOSHIBA is not set +# CONFIG_PATA_TRIFLEX is not set +# CONFIG_PATA_VIA is not set +# CONFIG_PATA_WINBOND is not set + +# +# PIO-only SFF controllers +# +# CONFIG_PATA_CMD640_PCI is not set +# CONFIG_PATA_MPIIX is not set +# CONFIG_PATA_NS87410 is not set +# CONFIG_PATA_OPTI is not set +# CONFIG_PATA_PLATFORM is not set +# CONFIG_PATA_RZ1000 is not set + +# +# Generic fallback / legacy drivers +# +# CONFIG_ATA_GENERIC is not set +# CONFIG_PATA_LEGACY is not set +# CONFIG_MD is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers 
+# + +# +# Distributed Switch Architecture drivers +# +# end of Distributed Switch Architecture drivers + +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +CONFIG_NET_VENDOR_AQUANTIA=y +CONFIG_NET_VENDOR_ARC=y +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +CONFIG_NET_VENDOR_AURORA=y +# CONFIG_AURORA_NB8800 is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_SYSTEMPORT is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CADENCE=y +CONFIG_MACB=y +CONFIG_MACB_USE_HWSTAMP=y +# CONFIG_MACB_PCI is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_CAVIUM_PTP is not set +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +CONFIG_NET_VENDOR_CORTINA=y +# CONFIG_GEMINI_ETHERNET is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# 
CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +# CONFIG_EZCHIP_NPS_MANAGEMENT_ENET is not set +CONFIG_NET_VENDOR_GOOGLE=y +# CONFIG_GVE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_HUAWEI=y +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +CONFIG_E1000E=y +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +# CONFIG_IGC is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851 is not set +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_ENC28J60 is not set +# CONFIG_ENCX24J600 is not set +# CONFIG_LAN743X is not set +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETERION=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP is not set +CONFIG_NET_VENDOR_NI=y +# CONFIG_NI_XGE_MANAGEMENT_ENET is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_VENDOR_PACKET_ENGINES=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_PENSANDO=y +# CONFIG_IONIC is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# 
CONFIG_QLCNIC is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCA7000_SPI is not set +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +CONFIG_R8169=y +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_PHY_SEL is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_BUS=y +# CONFIG_MDIO_BCM_UNIMAC is not set +# CONFIG_MDIO_BITBANG is not set +# CONFIG_MDIO_BUS_MUX_MMIOREG is not set +# CONFIG_MDIO_BUS_MUX_MULTIPLEXER is not set +# CONFIG_MDIO_HISI_FEMAC is not set +# CONFIG_MDIO_MSCC_MIIM is not set +# CONFIG_MDIO_OCTEON is not set +# CONFIG_MDIO_THUNDER is not set +CONFIG_PHYLIB=y +CONFIG_SWPHY=y + +# +# MII PHY device drivers +# +# CONFIG_ADIN_PHY is not set +# CONFIG_AMD_PHY is not set +# 
CONFIG_AQUANTIA_PHY is not set +# CONFIG_AX88796B_PHY is not set +# CONFIG_AT803X_PHY is not set +# CONFIG_BCM7XXX_PHY is not set +# CONFIG_BCM87XX_PHY is not set +# CONFIG_BROADCOM_PHY is not set +# CONFIG_CICADA_PHY is not set +# CONFIG_CORTINA_PHY is not set +# CONFIG_DAVICOM_PHY is not set +# CONFIG_DP83822_PHY is not set +# CONFIG_DP83TC811_PHY is not set +# CONFIG_DP83848_PHY is not set +# CONFIG_DP83867_PHY is not set +CONFIG_FIXED_PHY=y +# CONFIG_ICPLUS_PHY is not set +# CONFIG_INTEL_XWAY_PHY is not set +# CONFIG_LSI_ET1011C_PHY is not set +# CONFIG_LXT_PHY is not set +# CONFIG_MARVELL_PHY is not set +# CONFIG_MARVELL_10G_PHY is not set +# CONFIG_MICREL_PHY is not set +# CONFIG_MICROCHIP_PHY is not set +# CONFIG_MICROCHIP_T1_PHY is not set +CONFIG_MICROSEMI_PHY=y +# CONFIG_NATIONAL_PHY is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_QSEMI_PHY is not set +CONFIG_REALTEK_PHY=y +# CONFIG_RENESAS_PHY is not set +# CONFIG_ROCKCHIP_PHY is not set +# CONFIG_SMSC_PHY is not set +# CONFIG_STE10XP is not set +# CONFIG_TERANETICS_PHY is not set +# CONFIG_VITESSE_PHY is not set +# CONFIG_XILINX_GMII2RGMII is not set +# CONFIG_MICREL_KS8995MA is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set +CONFIG_USB_NET_DRIVERS=y +# CONFIG_USB_CATC is not set +# CONFIG_USB_KAWETH is not set +# CONFIG_USB_PEGASUS is not set +# CONFIG_USB_RTL8150 is not set +# CONFIG_USB_RTL8152 is not set +# CONFIG_USB_LAN78XX is not set +# CONFIG_USB_USBNET is not set +# CONFIG_USB_IPHETH is not set +CONFIG_WLAN=y +# CONFIG_WIRELESS_WDS is not set +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y 
+CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WLAN_VENDOR_QUANTENNA=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +# CONFIG_INPUT_EVDEV is not set +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_OMAP4 is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CAP11XX is not set +# CONFIG_KEYBOARD_BCM is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# 
CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +CONFIG_MOUSE_PS2_SMBUS=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_CYAPA is not set +# CONFIG_MOUSE_ELAN_I2C is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_I2C is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_SERIO_APBPS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +# CONFIG_NULL_TTY is not set +CONFIG_LDISC_AUTOLOAD=y +CONFIG_DEVMEM=y +# CONFIG_DEVKMEM is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +# CONFIG_SERIAL_8250_EXTENDED is not set +# CONFIG_SERIAL_8250_ASPEED_VUART is not set +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set 
+CONFIG_SERIAL_OF_PLATFORM=y + +# +# Non-8250 serial port support +# +CONFIG_SERIAL_EARLYCON_RISCV_SBI=y +# CONFIG_SERIAL_MAX3100 is not set +# CONFIG_SERIAL_MAX310X is not set +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +CONFIG_SERIAL_SIFIVE=y +CONFIG_SERIAL_SIFIVE_CONSOLE=y +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_XILINX_PS_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set +# end of Serial drivers + +# CONFIG_SERIAL_DEV_BUS is not set +# CONFIG_TTY_PRINTK is not set +CONFIG_HVC_DRIVER=y +CONFIG_HVC_RISCV_SBI=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +CONFIG_HW_RANDOM_VIRTIO=y +# CONFIG_APPLICOM is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_TCG_TPM is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set +# end of Character devices + +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +CONFIG_RANDSTRUCT_NONE=y +# +# I2C support +# +CONFIG_I2C=y +CONFIG_I2C_BOARDINFO=y +CONFIG_I2C_COMPAT=y +# CONFIG_I2C_CHARDEV is not set +# CONFIG_I2C_MUX is not set +CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_ALGOBIT=y + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_I801 is not set +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# 
CONFIG_I2C_VIAPRO is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_DESIGNWARE_PLATFORM is not set +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_EMEV2 is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_RK3X is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_PARPORT_LIGHT is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +CONFIG_SPI=y +# CONFIG_SPI_DEBUG is not set +CONFIG_SPI_MASTER=y +# CONFIG_SPI_MEM is not set + +# +# SPI Master Controller Drivers +# +# CONFIG_SPI_ALTERA is not set +# CONFIG_SPI_AXI_SPI_ENGINE is not set +# CONFIG_SPI_BITBANG is not set +# CONFIG_SPI_CADENCE is not set +# CONFIG_SPI_DESIGNWARE is not set +# CONFIG_SPI_NXP_FLEXSPI is not set +# CONFIG_SPI_FSL_SPI is not set +# CONFIG_SPI_PXA2XX is not set +# CONFIG_SPI_ROCKCHIP is not set +# CONFIG_SPI_SC18IS602 is not set +CONFIG_SPI_SIFIVE=y +# CONFIG_SPI_MXIC is not set +# CONFIG_SPI_XCOMM is not set +# CONFIG_SPI_XILINX is not set +# CONFIG_SPI_ZYNQMP_GQSPI is not set + +# +# SPI Protocol Masters +# +# CONFIG_SPI_SPIDEV is not set +# CONFIG_SPI_LOOPBACK_TEST is not set +# CONFIG_SPI_TLE62X0 is not set +# CONFIG_SPI_SLAVE is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. 
+# +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +CONFIG_POWER_SUPPLY_HWMON=y +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_DETECTOR_MAX14656 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_CHARGER_SMB347 is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_AD7314 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADM1021 is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7310 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_DS1621 is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_G760A is not set 
+# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_LINEAGE is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_MAX1111 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31722 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6642 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_ADCXX is not set +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM70 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_PMBUS is not set +# 
CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_SMM665 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_ADS7871 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_ACT8945A is not set +# CONFIG_MFD_AS3711 is not set +# CONFIG_MFD_AS3722 is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_ATMEL_FLEXCOM is not set +# CONFIG_MFD_ATMEL_HLCDC is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# 
CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_SPI is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_SPI is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_HI6421_PMIC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77620 is not set +# CONFIG_MFD_MAX77650 is not set +# CONFIG_MFD_MAX77686 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_EZX_PCAP is not set +# CONFIG_MFD_CPCAP is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_RK808 is not set +# CONFIG_MFD_RN5T618 is not set +# CONFIG_MFD_SEC_CORE is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SMSC is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_STMPE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TPS65217 is not set +# 
CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TI_LP87565 is not set +# CONFIG_MFD_TPS65218 is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS65912_SPI is not set +# CONFIG_MFD_TPS80031 is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TC3589X is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_LOCHNAGAR is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_ARIZONA_SPI is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM831X_SPI is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ROHM_BD718XX is not set +# CONFIG_MFD_ROHM_BD70528 is not set +# CONFIG_MFD_STPMIC1 is not set +# CONFIG_MFD_STMFX is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_DRM=y +# CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DEBUG_MM is not set +# CONFIG_DRM_DEBUG_SELFTEST is not set +CONFIG_DRM_KMS_HELPER=y +CONFIG_DRM_KMS_FB_HELPER=y +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +# CONFIG_DRM_DP_CEC is not set +CONFIG_DRM_TTM=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# CONFIG_DRM_KOMEDA is not set +# end of ARM devices + +CONFIG_DRM_RADEON=y +# CONFIG_DRM_RADEON_USERPTR is not set +# CONFIG_DRM_AMDGPU is not set + +# +# ACP (Audio CoProcessor) Configuration +# +# end of ACP (Audio CoProcessor) Configuration + +# 
CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_RCAR_DW_HDMI is not set +# CONFIG_DRM_RCAR_LVDS is not set +# CONFIG_DRM_QXL is not set +# CONFIG_DRM_BOCHS is not set +CONFIG_DRM_VIRTIO_GPU=y +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_LVDS is not set +# CONFIG_DRM_PANEL_SIMPLE is not set +# CONFIG_DRM_PANEL_ILITEK_IL9322 is not set +# CONFIG_DRM_PANEL_SAMSUNG_LD9040 is not set +# CONFIG_DRM_PANEL_LG_LG4573 is not set +# CONFIG_DRM_PANEL_NOVATEK_NT39016 is not set +# CONFIG_DRM_PANEL_OLIMEX_LCD_OLINUXINO is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E63M0 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set +# CONFIG_DRM_PANEL_SEIKO_43WVF1G is not set +# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set +# CONFIG_DRM_PANEL_TPO_TD028TTEC1 is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_CDNS_DSI is not set +# CONFIG_DRM_DUMB_VGA_DAC is not set +# CONFIG_DRM_LVDS_ENCODER is not set +# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set +# CONFIG_DRM_NXP_PTN3460 is not set +# CONFIG_DRM_PARADE_PS8622 is not set +# CONFIG_DRM_SIL_SII8620 is not set +# CONFIG_DRM_SII902X is not set +# CONFIG_DRM_SII9234 is not set +# CONFIG_DRM_THINE_THC63LVD1024 is not set +# CONFIG_DRM_TOSHIBA_TC358764 is not set +# CONFIG_DRM_TOSHIBA_TC358767 is not set +# CONFIG_DRM_TI_TFP410 is not set +# CONFIG_DRM_TI_SN65DSI86 is not set +# CONFIG_DRM_I2C_ADV7511 is not set +# end of Display Interface Bridges + +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_ARCPGU is not set +# CONFIG_DRM_MXSFB is not set +# CONFIG_DRM_GM12U320 is not set +# CONFIG_TINYDRM_HX8357D is not set +# CONFIG_TINYDRM_ILI9225 is not set +# CONFIG_TINYDRM_ILI9341 is not set +# 
CONFIG_TINYDRM_MI0283QT is not set +# CONFIG_TINYDRM_REPAPER is not set +# CONFIG_TINYDRM_ST7586 is not set +# CONFIG_TINYDRM_ST7735R is not set +# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +CONFIG_FB_SYS_FILLRECT=y +CONFIG_FB_SYS_COPYAREA=y +CONFIG_FB_SYS_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=y +CONFIG_FB_DEFERRED_IO=y +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +# CONFIG_FB_CIRRUS is not set +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_SMSCUFX is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SM712 is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +CONFIG_BACKLIGHT_GENERIC=y +# CONFIG_BACKLIGHT_PM8941_WLED is not set +# CONFIG_BACKLIGHT_ADP8860 is not set 
+# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_BACKLIGHT_ARCXCNN is not set +# end of Backlight & LCD device support + +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +# CONFIG_HID_A4TECH is not set +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_APPLE is not set +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_AUREAL is not set +# CONFIG_HID_BELKIN is not set +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_CHERRY is not set +# CONFIG_HID_CHICONY is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EZKEY is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# 
CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LOGITECH is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_REDRAGON is not set +# CONFIG_HID_MICROSOFT is not set +# CONFIG_HID_MONTEREY is not set +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# end of Special HID drivers + +# +# USB HID support +# +CONFIG_USB_HID=y +# CONFIG_HID_PID is not set +# CONFIG_USB_HIDDEV is not set +# end of USB HID support + +# +# I2C HID support +# +# CONFIG_I2C_HID is not set +# end of I2C HID support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +# CONFIG_USB_ULPI_BUS is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=y +CONFIG_USB_PCI=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_DYNAMIC_MINORS is not set +# 
CONFIG_USB_OTG_WHITELIST is not set +# CONFIG_USB_OTG_BLACKLIST_HUB is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +# CONFIG_USB_MON is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=y +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=y +CONFIG_USB_XHCI_PLATFORM=y +CONFIG_USB_EHCI_HCD=y +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=y +# CONFIG_USB_EHCI_FSL is not set +CONFIG_USB_EHCI_HCD_PLATFORM=y +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +# CONFIG_USB_FOTG210_HCD is not set +# CONFIG_USB_MAX3421_HCD is not set +CONFIG_USB_OHCI_HCD=y +CONFIG_USB_OHCI_HCD_PCI=y +CONFIG_USB_OHCI_HCD_PLATFORM=y +# CONFIG_USB_UHCI_HCD is not set +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +# CONFIG_USB_ACM is not set +# CONFIG_USB_PRINTER is not set +# CONFIG_USB_WDM is not set +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=y +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +CONFIG_USB_UAS=y + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +# CONFIG_USBIP_CORE is not set +# CONFIG_USB_CDNS3 is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 
is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +# CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_FTDI_ELAN is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +CONFIG_MMC=y +CONFIG_PWRSEQ_EMMC=y +CONFIG_PWRSEQ_SIMPLE=y +CONFIG_MMC_BLOCK=y +CONFIG_MMC_BLOCK_MINORS=8 +# CONFIG_SDIO_UART is not set +# CONFIG_MMC_TEST is not set + +# +# MMC/SD/SDIO Host Controller Drivers +# +# CONFIG_MMC_DEBUG is not set +# CONFIG_MMC_SDHCI is not set +# CONFIG_MMC_TIFM_SD is not set +CONFIG_MMC_SPI=y +# CONFIG_MMC_CB710 is not set +# CONFIG_MMC_VIA_SDMMC is not set +# CONFIG_MMC_VUB300 is not set +# CONFIG_MMC_USHC is not set +# CONFIG_MMC_USDHI6ROL0 is not set +# CONFIG_MMC_CQHCI is not set +# CONFIG_MMC_TOSHIBA_PCI is not set +# CONFIG_MMC_MTK is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set 
+# CONFIG_INFINIBAND is not set +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_SELFTESTS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRT_DRIVERS=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_STAGING is not set +CONFIG_CLKDEV_LOOKUP=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Common Clock Framework +# +# CONFIG_CLK_HSDK is not set +# CONFIG_COMMON_CLK_MAX9485 is not set +# CONFIG_COMMON_CLK_SI5341 is not set +# CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_SI514 is not set +# CONFIG_COMMON_CLK_SI544 is not set +# CONFIG_COMMON_CLK_SI570 is not set +# CONFIG_COMMON_CLK_CDCE706 is not set +# CONFIG_COMMON_CLK_CDCE925 is not set +# CONFIG_COMMON_CLK_CS2000_CP is not set +# CONFIG_COMMON_CLK_VC5 is not set +# CONFIG_COMMON_CLK_FIXED_MMIO is not set +CONFIG_CLK_ANALOGBITS_WRPLL_CLN28HPC=y +CONFIG_CLK_SIFIVE=y +CONFIG_CLK_SIFIVE_FU540_PRCI=y +# end of Common Clock Framework + +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_TIMER_OF=y +CONFIG_TIMER_PROBE=y +CONFIG_RISCV_TIMER=y +# end of Clock Source drivers + +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# end of Generic IOMMU Pagetable Support + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +CONFIG_RPMSG=y +CONFIG_RPMSG_CHAR=y +CONFIG_RPMSG_VIRTIO=y +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System 
On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Aspeed SoC drivers +# +# end of Aspeed SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# CONFIG_XILINX_VCU is not set +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +CONFIG_IRQCHIP=y +# CONFIG_AL_FIC is not set +# end of IRQ chip support + +CONFIG_SIFIVE_PLIC=y +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_CADENCE_DP is not set +# CONFIG_PHY_CADENCE_DPHY is not set +# CONFIG_PHY_FSL_IMX8MQ_USB is not set +# CONFIG_PHY_MIXEL_MIPI_DPHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set +CONFIG_RAS=y + +# +# Android +# +# CONFIG_ANDROID is not set +# end of Android + +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +# CONFIG_NVMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_FSI is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# end of Device Drivers + +# +# File systems +# +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set 
+CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXT4_FS_POSIX_ACL=y +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +# CONFIG_ISO9660_FS is not set +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_NTFS_FS is not set +# end of DOS/FAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +CONFIG_PROC_CHILDREN=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_HUGETLBFS is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# 
CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V2=y +CONFIG_NFS_V3=y +# CONFIG_NFS_V3_ACL is not set +CONFIG_NFS_V4=y +# CONFIG_NFS_SWAP is not set +CONFIG_NFS_V4_1=y +CONFIG_NFS_V4_2=y +CONFIG_PNFS_FILE_LAYOUT=y +CONFIG_PNFS_FLEXFILE_LAYOUT=m +CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" +# CONFIG_NFS_V4_1_MIGRATION is not set +CONFIG_ROOT_NFS=y +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +# CONFIG_NFSD is not set +CONFIG_GRACE_PERIOD=y +CONFIG_LOCKD=y +CONFIG_LOCKD_V4=y +CONFIG_NFS_COMMON=y +CONFIG_SUNRPC=y +CONFIG_SUNRPC_GSS=y +CONFIG_SUNRPC_BACKCHANNEL=y +# CONFIG_SUNRPC_DEBUG is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +# CONFIG_9P_FS_POSIX_ACL is not set +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# 
CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set +# CONFIG_UNICODE is not set +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_BIG_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# end of Memory initialization +# end of Kernel hardening options +# end of Security options + 
+CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG2=y +# CONFIG_CRYPTO_MANAGER is not set +# CONFIG_CRYPTO_USER is not set +# CONFIG_CRYPTO_NULL is not set +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +# CONFIG_CRYPTO_CRYPTD is not set +# CONFIG_CRYPTO_AUTHENC is not set +# CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_ENGINE=y + +# +# Public-key cryptography +# +# CONFIG_CRYPTO_RSA is not set +# CONFIG_CRYPTO_DH is not set +# CONFIG_CRYPTO_ECDH is not set +# CONFIG_CRYPTO_ECRDSA is not set + +# +# Authenticated Encryption with Associated Data +# +# CONFIG_CRYPTO_CCM is not set +# CONFIG_CRYPTO_GCM is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set + +# +# Block modes +# +# CONFIG_CRYPTO_CBC is not set +# CONFIG_CRYPTO_CFB is not set +# CONFIG_CRYPTO_CTR is not set +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_OFB is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_ESSIV is not set + +# +# Hash modes +# +# CONFIG_CRYPTO_CMAC is not set +# CONFIG_CRYPTO_HMAC is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_XXHASH is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +# CONFIG_CRYPTO_GHASH is not set +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_MD4 is not set +# CONFIG_CRYPTO_MD5 is not set +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_RMD128 is not set +# CONFIG_CRYPTO_RMD160 is not set +# CONFIG_CRYPTO_RMD256 is not set +# 
CONFIG_CRYPTO_RMD320 is not set +# CONFIG_CRYPTO_SHA1 is not set +# CONFIG_CRYPTO_SHA256 is not set +# CONFIG_CRYPTO_SHA512 is not set +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3 is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_TGR192 is not set +# CONFIG_CRYPTO_WP512 is not set + +# +# Ciphers +# +# CONFIG_CRYPTO_AES is not set +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ANUBIS is not set +# CONFIG_CRYPTO_ARC4 is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_KHAZAD is not set +# CONFIG_CRYPTO_SALSA20 is not set +# CONFIG_CRYPTO_CHACHA20 is not set +# CONFIG_CRYPTO_SEED is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4 is not set +# CONFIG_CRYPTO_TEA is not set +# CONFIG_CRYPTO_TWOFISH is not set + +# +# Compression +# +# CONFIG_CRYPTO_DEFLATE is not set +# CONFIG_CRYPTO_LZO is not set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +# CONFIG_CRYPTO_DRBG_MENU is not set +# CONFIG_CRYPTO_JITTERENTROPY is not set +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +# CONFIG_CRYPTO_USER_API_RNG is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set +CONFIG_CRYPTO_DEV_VIRTIO=y +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_CCREE is not set +# CONFIG_ASYMMETRIC_KEY_TYPE is not set + +# +# Certificates for signature checking +# +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +# end of Certificates for signature checking + +# +# Library routines +# +# CONFIG_PACKING is 
not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +# CONFIG_CRC_CCITT is not set +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=y +# CONFIG_LIBCRC32C is not set +# CONFIG_CRC8 is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_INTERVAL_TREE=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_DMA_DECLARE_COHERENT=y +CONFIG_SWIOTLB=y +CONFIG_DMA_CMA=y + +# +# Default contiguous memory area size: +# +CONFIG_CMA_SIZE_MBYTES=1024 +CONFIG_CMA_SIZE_SEL_MBYTES=y +# CONFIG_CMA_SIZE_SEL_PERCENTAGE is not set +# CONFIG_CMA_SIZE_SEL_MIN is not set +# CONFIG_CMA_SIZE_SEL_MAX is not set +CONFIG_CMA_ALIGNMENT=9 +# CONFIG_DMA_API_DEBUG is not set +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +# CONFIG_IRQ_POLL is not set +CONFIG_LIBFDT=y +CONFIG_OID_REGISTRY=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_SBITMAP=y +# CONFIG_STRING_SELFTEST is not set +# end of Library routines + +# 
+# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +# end of printk and dmesg options + +# +# Compile-time checks and compiler options +# +# CONFIG_DEBUG_INFO is not set +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=2048 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_INSTALL is not set +CONFIG_OPTIMIZE_INLINING=y +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_SLUB_STATS is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_KASAN_STACK=1 +# end of Memory Debugging + +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_SOFTLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# end of Debug Lockups and Hangs + +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +CONFIG_SCHED_DEBUG=y +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) 
+# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_STACKTRACE is not set +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_PREEMPTIRQ_EVENTS is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_PREEMPTIRQ_DELAY_TEST is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_LIST_SORT is not set +# 
CONFIG_TEST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_STRSCPY is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_BITFIELD is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_OVERFLOW is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_STACKINIT is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_MEMTEST is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_SAMPLES is not set +# CONFIG_UBSAN is not set +CONFIG_UBSAN_ALIGNMENT=y +# end of Kernel hacking +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_PAGEALLOC=y +CONFIG_DEBUG_VM=y +CONFIG_DEBUG_VM_PGFLAGS=y +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_DEBUG_PER_CPU_MAPS=y +CONFIG_DEBUG_TIMEKEEPING=y +CONFIG_DEBUG_RT_MUTEXES=y +CONFIG_DEBUG_SPINLOCK=y +CONFIG_DEBUG_MUTEXES=y +CONFIG_DEBUG_RWSEMS=y +CONFIG_DEBUG_ATOMIC_SLEEP=y +CONFIG_STACKTRACE=y +CONFIG_DEBUG_LIST=y +CONFIG_DEBUG_PLIST=y +CONFIG_DEBUG_SG=y +CONFIG_RCU_EQS_DEBUG=y +CONFIG_DEBUG_BLOCK_EXT_DEVT=y +CONFIG_DEBUG_INFO=y +# \ No newline at end of file 
diff --git a/confidential-vms/linux_vm/configurations/qemu_riscv64_virt_defconfig b/confidential-vms/linux_vm/configurations/qemu_riscv64_virt_defconfig
new file mode 100644
index 0000000..03474eb
--- /dev/null
+++ b/confidential-vms/linux_vm/configurations/qemu_riscv64_virt_defconfig
@@ -0,0 +1,75 @@
+# Architecture
+BR2_riscv=y
+BR2_RISCV_64=y
+BR2_RISCV_g=y
+BR2_RISCV_ABI_LP64D=y
+BR2_GCC_TARGET_ABI="lp64d"
+#
+BR2_TOOLCHAIN_EXTERNAL=y
+BR2_TOOLCHAIN_EXTERNAL_PATH="$(RISCV)"
+BR2_TOOLCHAIN_EXTERNAL_CUSTOM_PREFIX="$(ARCH)-unknown-linux-gnu"
+BR2_TOOLCHAIN_EXTERNAL_GCC_12=y
+BR2_TOOLCHAIN_EXTERNAL_HEADERS_5_10=y
+BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
+#BR2_TOOLCHAIN_EXTERNAL_INET_RPC=y
+BR2_TOOLCHAIN_EXTERNAL_INET_RPC=n
+BR2_TOOLCHAIN_EXTERNAL_CXX=y
+
+# Shell
+BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
+BR2_PACKAGE_BASH=y
+BR2_SYSTEM_BIN_SH_BASH=y
+
+# System
+BR2_SYSTEM_DHCP="eth0"
+#BR2_TARGET_GENERIC_GETTY=y
+#BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
+BR2_TARGET_GENERIC_ROOT_PASSWD="passwd"
+
+# Filesystem
+BR2_TARGET_ROOTFS_EXT2=y
+BR2_ROOTFS_OVERLAY=""
+BR2_TARGET_ROOTFS_EXT2_2=n
+BR2_TARGET_ROOTFS_EXT2_3=y
+BR2_TARGET_ROOTFS_EXT2_SIZE=2G
+
+# Kernel
+BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.3-rc5"
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_3=y
+BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
+BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=n
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=""
+BR2_LINUX_KERNEL_IMAGE=y
+BR2_LINUX_KERNEL_VMLINUX=y
+BR2_LINUX_KERNEL_BZIMAGE=y
+
+# specify patches of the linux kernel
+BR2_LINUX_KERNEL_PATCH=""
+# BR2_GLOBAL_PATCH_DIR=""
+
+# Bootloader
+# BR2_TARGET_OPENSBI=y
+# BR2_TARGET_OPENSBI_USE_PLAT=y
+# BR2_TARGET_OPENSBI_PLAT="qemu/virt"
+
+# Packages
+BR2_PACKAGE_DROPBEAR=y
+
+
+###
+# BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+# BR2_TOOLCHAIN_BUILDROOT_CXX=y
+# BR2_PACKAGE_HOST_GDB=y
+# BR2_PACKAGE_HOST_GDB_TUI=y
+# BR2_PACKAGE_HOST_GDB_PYTHON3=y
+# BR2_CCACHE=y
+# BR2_CCACHE_INITIAL_SETUP="-M0 -F0"
+# BR2_SSP_NONE=y
+
+BR2_PER_PACKAGE_DIRECTORIES=y
+BR2_VERBOSE=0
+
+# DEVELOPMENT WITH CUSTOM LINUX SOURCES
+BR2_PACKAGE_OVERRIDE_FILE=""
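Review bot: `BR2_TARGET_GENERIC_ROOT_PASSWD="passwd"` bakes a fixed, guessable root password into the confidential VM image, while `BR2_PACKAGE_DROPBEAR=y` ships an SSH server and run_linux_vm.sh in this commit forwards a host port to guest port 22. Unless Dropbear is configured elsewhere to refuse password logins, anyone who can reach that port can log in as root, which undercuts the purpose of a confidential guest. I would drop the password from the committed defconfig and have the build inject a per-build secret or an authorized key through the rootfs overlay, or at least add a comment such as `# development only: fixed root password, do not ship`. The hypervisor defconfig carries the same value as a context line in its own hunk.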
diff --git a/confidential-vms/linux_vm/patches/linux/6.3-rc5/ace.patch b/confidential-vms/linux_vm/patches/linux/6.3-rc5/ace.patch new file mode 100644 index 0000000..88a0b3d --- /dev/null +++ b/confidential-vms/linux_vm/patches/linux/6.3-rc5/ace.patch 
@@ -0,0 +1,181 @@ +diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig +index eb7f29a412f8..43ce18ffb720 100644 +--- a/arch/riscv/Kconfig ++++ b/arch/riscv/Kconfig +@@ -188,6 +188,10 @@ config KASAN_SHADOW_OFFSET + default 0xdfffffff00000000 if 64BIT + default 0xffffffff if 32BIT + ++config ARCH_HAS_MEM_ENCRYPT ++ def_bool y ++ select ARCH_HAS_FORCE_DMA_UNENCRYPTED ++ + config ARCH_FLATMEM_ENABLE + def_bool !NUMA + +diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile +index 4cf303a779ab..5d6b49fea52b 100644 +--- a/arch/riscv/kernel/Makefile ++++ b/arch/riscv/kernel/Makefile +@@ -30,6 +30,7 @@ endif + + extra-y += vmlinux.lds + ++obj-y += ace.o + obj-y += head.o + obj-y += soc.o + obj-$(CONFIG_RISCV_ALTERNATIVE) += alternative.o +diff --git a/arch/riscv/include/asm/mem_encrypt.h b/arch/riscv/include/asm/mem_encrypt.h +new file mode 100644 +index 000000000000..d0bc620d06cc +--- /dev/null ++++ b/arch/riscv/include/asm/mem_encrypt.h +@@ -0,0 +1,12 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef RISCV_ACE_MEM_ENCRYPT_H__ ++#define RISCV_ACE_MEM_ENCRYPT_H__ ++ ++static inline bool force_dma_unencrypted(struct device *dev) { ++ // return true/false depending if we are a confidential VM ++ return true; ++} ++int set_memory_encrypted(unsigned long vaddr, int numpages); ++int set_memory_decrypted(unsigned long vaddr, int numpages); ++ ++#endif /* RISCV_ACE_MEM_ENCRYPT_H__ */ +diff --git a/arch/riscv/kernel/ace.c b/arch/riscv/kernel/ace.c +new file mode 100644 +index 000000000000..09c59b673c7e +--- /dev/null ++++ b/arch/riscv/kernel/ace.c +@@ -0,0 +1,45 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * ACE helper functions ++ * ++ * Copyright 2018 IBM Corporation ++ */ ++ ++#ifndef _ASM_RISCV_ACE_MEM_ENCRYPT_H ++#define _ASM_RISCV_ACE_MEM_ENCRYPT_H ++ ++#include ++#include ++#include ++#include ++#include ++ ++int set_memory_encrypted(unsigned long addr, int numpages) ++{ ++ int i; ++ ++ if (!PAGE_ALIGNED(addr)) ++ return -EINVAL; ++ ++ for (i=0; 
i + #include + #include +- ++#include + #include + #include + #include +@@ -269,6 +270,14 @@ void __init setup_arch(char **cmdline_p) + + *cmdline_p = boot_command_line; + ++ // START ACE INIT ++ // Request the hypervisor to preload all pages ++ // TODO: read the total memory size and expose it to the hypervisor with the call ++ sbi_ecall(0x509999, 0, 0, 0, 0, 0, 0, 0); ++ // Request the security monitor to promote the VM to a confidential VM ++ sbi_ecall(0x510000, 1000, 0, 0, 0, 0, 0, 0); ++ // END ACE INIT ++ + early_ioremap_setup(); + jump_label_init(); + parse_early_param(); +diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c +index 478d6763a01a..b441d4c441ec 100644 +--- a/arch/riscv/mm/init.c ++++ b/arch/riscv/mm/init.c +@@ -6,6 +6,7 @@ + * Nick Kossifidis + */ + ++#include + #include + #include + #include +@@ -28,6 +29,8 @@ + #include + #include + #include ++#include ++#include + + #include "../kernel/head.h" + +@@ -160,7 +163,12 @@ void __init mem_init(void) + BUG_ON(!mem_map); + #endif /* CONFIG_FLATMEM */ + +- swiotlb_init(max_pfn > PFN_DOWN(dma32_phys_limit), SWIOTLB_VERBOSE); ++ // ACE START ++ virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc); ++ swiotlb_init(true, SWIOTLB_ANY | SWIOTLB_FORCE | SWIOTLB_VERBOSE); ++ swiotlb_update_mem_attributes(); ++ // ACE END ++ // swiotlb_init(max_pfn > PFN_DOWN(dma32_phys_limit), SWIOTLB_VERBOSE); + memblock_free_all(); + + print_vm_layout(); +diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c +index 3893dc29eb26..93055cd3e62d 100644 +--- a/drivers/virtio/virtio.c ++++ b/drivers/virtio/virtio.c +@@ -181,11 +181,11 @@ static int virtio_features_ok(struct virtio_device *dev) + return -ENODEV; + } + +- if (!virtio_has_feature(dev, VIRTIO_F_ACCESS_PLATFORM)) { +- dev_warn(&dev->dev, +- "device must provide VIRTIO_F_ACCESS_PLATFORM\n"); +- return -ENODEV; +- } ++ // if (!virtio_has_feature(dev, VIRTIO_F_ACCESS_PLATFORM)) { ++ // dev_warn(&dev->dev, ++ // "device must provide 
VIRTIO_F_ACCESS_PLATFORM\n"); ++ // return -ENODEV; ++ // } + } + + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) \ No newline at end of file diff --git a/confidential-vms/linux_vm/patches/linux/6.8-rc4/ace.patch b/confidential-vms/linux_vm/patches/linux/6.8-rc4/ace.patch new file mode 100644 index 0000000..03c0915 --- /dev/null +++ b/confidential-vms/linux_vm/patches/linux/6.8-rc4/ace.patch 
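Review bot: In the setup_arch() change of the 6.3-rc5 patch, the result of `sbi_ecall(0x510000, 1000, 0, 0, 0, 0, 0, 0)` is discarded, so if the security monitor refuses the promotion the kernel keeps booting as an ordinary VM while `force_dma_unencrypted()` still returns true unconditionally. A guest that assumes it is confidential when it is not is the failure mode to rule out; I would check the result, e.g. `struct sbiret ret = sbi_ecall(...);` followed by `if (ret.error) panic("ACE: promotion to confidential VM failed");`, or record it and make `force_dma_unencrypted()` depend on it if the same kernel must also boot as a normal guest. The extension and function ids deserve named constants. Separately, the virtio.c change comments out the `VIRTIO_F_ACCESS_PLATFORM` check in virtio_features_ok() without saying why a device lacking that feature is now acceptable; a one-line comment with the reason, or a real condition, would be better than dead code. Part of ace.c and the setup.c hunk header are missing from the page as rendered, so this is based on the visible lines only.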
@@ -0,0 +1,153 @@ +diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig +index bffbd869a068..426f4f5e89ea 100644 +--- a/arch/riscv/Kconfig ++++ b/arch/riscv/Kconfig +@@ -248,6 +248,10 @@ config KASAN_SHADOW_OFFSET + default 0xdfffffff00000000 if 64BIT + default 0xffffffff if 32BIT + ++config ARCH_HAS_MEM_ENCRYPT ++ def_bool y ++ select ARCH_HAS_FORCE_DMA_UNENCRYPTED ++ + config ARCH_FLATMEM_ENABLE + def_bool !NUMA + +diff --git a/arch/riscv/include/asm/mem_encrypt.h b/arch/riscv/include/asm/mem_encrypt.h +new file mode 100644 +index 000000000000..d0bc620d06cc +--- /dev/null ++++ b/arch/riscv/include/asm/mem_encrypt.h +@@ -0,0 +1,12 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef RISCV_ACE_MEM_ENCRYPT_H__ ++#define RISCV_ACE_MEM_ENCRYPT_H__ ++ ++static inline bool force_dma_unencrypted(struct device *dev) { ++ // return true/false depending if we are a confidential VM ++ return true; ++} ++int set_memory_encrypted(unsigned long vaddr, int numpages); ++int set_memory_decrypted(unsigned long vaddr, int numpages); ++ ++#endif /* RISCV_ACE_MEM_ENCRYPT_H__ */ +diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile +index f71910718053..78fa62d3ccc8 100644 +--- a/arch/riscv/kernel/Makefile ++++ b/arch/riscv/kernel/Makefile +@@ -35,6 +35,7 @@ endif + + extra-y += vmlinux.lds + ++obj-y += ace.o + obj-y += head.o + obj-y += soc.o + obj-$(CONFIG_RISCV_ALTERNATIVE) += alternative.o +diff --git a/arch/riscv/kernel/ace.c b/arch/riscv/kernel/ace.c +new file mode 100644 +index 000000000000..ef786886906f +--- /dev/null ++++ b/arch/riscv/kernel/ace.c +@@ -0,0 +1,47 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++/* ++ * ACE helper functions ++ * ++ * Copyright 2018 IBM Corporation ++ */ ++ ++#ifndef _ASM_RISCV_ACE_MEM_ENCRYPT_H ++#define _ASM_RISCV_ACE_MEM_ENCRYPT_H ++ ++#include ++#include ++#include ++#include ++#include ++ ++int set_memory_encrypted(unsigned long addr, int numpages) ++{ ++ int i; ++ sbi_ecall(0x510000, 9000, 666, 660, 0, 0, 0, 0); ++ ++ if 
(!PAGE_ALIGNED(addr)) ++ return -EINVAL; ++ ++ for (i=0; i + */ + ++#include + #include + #include + #include +@@ -33,6 +34,8 @@ + #include + #include + #include ++#include ++#include + + #include "../kernel/head.h" + +@@ -166,7 +169,12 @@ void __init mem_init(void) + BUG_ON(!mem_map); + #endif /* CONFIG_FLATMEM */ + +- swiotlb_init(max_pfn > PFN_DOWN(dma32_phys_limit), SWIOTLB_VERBOSE); ++ // ACE START ++ virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc); ++ swiotlb_init(true, SWIOTLB_ANY | SWIOTLB_FORCE | SWIOTLB_VERBOSE); ++ swiotlb_update_mem_attributes(); ++ // ACE END ++ // swiotlb_init(max_pfn > PFN_DOWN(dma32_phys_limit), SWIOTLB_VERBOSE); + memblock_free_all(); + + print_vm_layout(); diff --git a/confidential-vms/linux_vm/rootfs/run_linux_vm.sh b/confidential-vms/linux_vm/rootfs/run_linux_vm.sh new file mode 100755 index 0000000..a415c61 --- /dev/null +++ b/confidential-vms/linux_vm/rootfs/run_linux_vm.sh 
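Review bot: set_memory_encrypted() in the 6.8-rc4 ace.c opens with `sbi_ecall(0x510000, 9000, 666, 660, 0, 0, 0, 0);`, which reads like a leftover debug call: it runs before the `PAGE_ALIGNED(addr)` check, its arguments are unexplained literals, and its result is ignored. The 6.3-rc5 version of the same function has no such call. I would delete it, or if it is intentional, name the function id and arguments and document what the security monitor does with them. The rest of the function body is not visible on this page, so I cannot tell whether the per-page calls check their results.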
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2023 IBM Corporation
+# SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich
+# SPDX-License-Identifier: Apache-2.0
+
+QEMU_CMD=qemu-system-riscv64
+KERNEL=/root/linux_vm/Image
+DRIVE=/root/linux_vm/rootfs.ext2
+
+HOST_PORT="$((3000 + RANDOM % 3000))"
+INTERACTIVE="-nographic"
+SMP=1
+MEMORY=1G
+
+for i in "$@"; do
+ case $i in
+ -e=*|--debug-port=*)
+ DEBUG_PORT="${i#*=}"
+ DEBUG_OPTIONS="-gdb tcp::${DEBUG_PORT} -S -d in_asm -D debug.log"
+ echo ${DEBUG_OPTIONS}
+ shift
+ ;;
+ --host-port=*)
+ HOST_PORT="${i#*=}"
+ shift
+ ;;
+ -s=*|--smp=*)
+ SMP="${i#*=}"
+ shift
+ ;;
+ -m=*|--memory=*)
+ MEMORY="${i#*=}"
+ shift
+ ;;
+ --daemonize*)
+ INTERACTIVE="-daemonize"
+ shift
+ ;;
+ -*|--*)
+ echo "Unknown option $i"
+ exit 1
+ ;;
+ *)
+ ;;
+ esac
+done
+
+echo "SSH port: ${HOST_PORT}"
+echo "Number of cores assigned to the guest: ${SMP}"
+
+${QEMU_CMD} ${DEBUG_OPTIONS} \
+ ${INTERACTIVE} \
+ --enable-kvm \
+ -machine virt -cpu rv64 -smp ${SMP} -m ${MEMORY} \
+ -kernel ${KERNEL} \
+ -global virtio-mmio.force-legacy=false \
+ -append "console=ttyS0 ro root=/dev/vda swiotlb=force" \
+ -netdev user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::${HOST_PORT}-:22 \
+ -device virtio-net-device,netdev=net0 \
+ -device virtio-rng-pci \
+ -drive if=none,format=raw,file=${DRIVE},id=hd0 \
+ -device virtio-blk-device,scsi=off,drive=hd0 \
+ -nographic
diff --git a/hypervisor/Makefile b/hypervisor/Makefile
index 9db20f0..81f77c0 100644
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
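Review bot: In run_linux_vm.sh, `hostfwd=tcp::${HOST_PORT}-:22` leaves the host address empty, so QEMU listens on all interfaces, and `-gdb tcp::${DEBUG_PORT}` does the same for the debug stub. Together with the fixed root password in the defconfig added by this commit, that exposes the guest's SSH and a debugger to any machine that can reach the host running the script. I would bind both to loopback, `hostfwd=tcp:127.0.0.1:${HOST_PORT}-:22` and `-gdb tcp:127.0.0.1:${DEBUG_PORT}`, and let the caller opt in to a wider bind. Also, the trailing `-nographic` is passed unconditionally, so it is still present when `--daemonize` sets `INTERACTIVE="-daemonize"`; dropping that last line leaves `${INTERACTIVE}` in charge.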
@@ -2,81 +2,66 @@ # SPDX-FileCopyrightText: 2023 IBM Corporation # SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich # SPDX-License-Identifier: Apache-2.0 -MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) -MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) -ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../build/) +MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) +MAKEFILE_SOURCE_DIR := $(dir $(realpath $(lastword $(MAKEFILE_LIST)))) +ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../build/) +HYPERVISOR_WORK_DIR := $(ACE_DIR)/hypervisor/ -ROOTFS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/rootfs -CONFIGURATION_DIR ?= $(MAKEFILE_SOURCE_DIR)/configurations -BUILDROOT_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/buildroot -BUILDROOT_WORK_DIR ?= $(ACE_DIR)/buildroot -BUILDROOT_CONFIG_DIR ?= $(CONFIGURATION_DIR)/qemu_riscv64_virt_defconfig -PATCHES_DIR ?= $(CONFIGURATION_DIR)/patches -OVERLAY_DIR ?= $(ACE_DIR)/overlay -OVERLAY_ROOT_DIR ?= $(OVERLAY_DIR)/root -LINUX_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/linux/ -LINUX_PATCH ?= $(PATCHES_DIR)/linux/linux-kernel-6.3.0-rc5.patch -LINUX_WORK_DIR ?= $(ACE_DIR)/linux/ -LINUX_IMAGE ?= $(LINUX_WORK_DIR)/arch/riscv/boot/Image +HYPERVISOR_ROOTFS_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/rootfs +HYPERVISOR_CONFIGURATION_DIR ?= $(MAKEFILE_SOURCE_DIR)/configurations +BUILDROOT_SOURCE_DIR ?= $(MAKEFILE_SOURCE_DIR)/buildroot -RISCV_GNU_TOOLCHAIN_WORK_DIR ?= $(ACE_DIR)/riscv-gnu-toolchain/ -export PATH := $(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH) +HYPERVISOR_BUILDROOT_CONFIG_DIR ?= $(HYPERVISOR_CONFIGURATION_DIR)/qemu_riscv64_virt_defconfig +HYPERVISOR_LINUX_CONFIG ?= $(HYPERVISOR_CONFIGURATION_DIR)/linux64-defconfig +HYPERVISOR_BUILDROOT_OVERRIDE_DIR ?= $(HYPERVISOR_CONFIGURATION_DIR)/package_override.dev +HYPERVISOR_ROOTFS_SIZE ?= "5G" +HYPERVISOR_OVERLAY_DIR ?= $(HYPERVISOR_WORK_DIR)/overlay +HYPERVISOR_OVERLAY_ROOT_DIR ?= $(HYPERVISOR_OVERLAY_DIR)/root +HYPERVISOR_PATCHES_DIR ?= 
$(MAKEFILE_SOURCE_DIR)/patches +HYPERVISOR_LINUX_PATCH ?= $(HYPERVISOR_PATCHES_DIR)/linux/6.3-rc5/ -CROSS_COMPILE ?= riscv64-unknown-linux-gnu- +BUILDROOT_WORK_DIR ?= $(HYPERVISOR_WORK_DIR)/buildroot +RISCV_GNU_TOOLCHAIN_WORK_DIR ?= $(ACE_DIR)/riscv-gnu-toolchain/ +export PATH := $(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH) -all: setup buildroot linux +CROSS_COMPILE ?= riscv64-unknown-linux-gnu- + +all: setup buildroot setup: - env - uname -a - echo $(ACE_DIR) @mkdir -p $(ACE_DIR) -patch: - if [ ! -f "${LINUX_SOURCE_DIR}/arch/riscv/kvm/vcpu_sbi_ace.c" ]; then \ - cd $(LINUX_SOURCE_DIR); git apply --whitespace=fix $(LINUX_PATCH); cd $(MAKEFILE_SOURCE_DIR); \ - fi - -new_patches: - cd $(LINUX_SOURCE_DIR); git add . ; git diff HEAD > $(LINUX_PATCH); cd $(MAKEFILE_SOURCE_DIR) - buildroot: setup if [ ! -f "${BUILDROOT_WORK_DIR}/images/rootfs.ext2" ]; then \ - echo "Building buildroot"; \ + echo "Building the hypervisor with buildroot"; \ rm -rf $(BUILDROOT_WORK_DIR); \ mkdir -p $(BUILDROOT_WORK_DIR); \ - mkdir -p $(OVERLAY_ROOT_DIR); \ - mkdir -p $(OVERLAY_DIR); \ - cp $(BUILDROOT_CONFIG_DIR) $(BUILDROOT_WORK_DIR)/.config; \ - sed "s@^BR2_ROOTFS_OVERLAY=.*@BR2_ROOTFS_OVERLAY=\"$(OVERLAY_DIR)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ - sed "s@^BR2_TARGET_ROOTFS_EXT2_SIZE=.*@BR2_TARGET_ROOTFS_EXT2_SIZE=\"512M\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) olddefconfig; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) BR2_JLEVEL=12; \ + mkdir -p $(HYPERVISOR_OVERLAY_ROOT_DIR); \ + mkdir -p $(HYPERVISOR_OVERLAY_DIR); \ + cp $(HYPERVISOR_BUILDROOT_CONFIG_DIR) $(BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_ROOTFS_OVERLAY=.*@BR2_ROOTFS_OVERLAY=\"$(HYPERVISOR_OVERLAY_DIR)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ + sed 
"s@^BR2_TARGET_ROOTFS_EXT2_SIZE=.*@BR2_TARGET_ROOTFS_EXT2_SIZE=\"$(HYPERVISOR_ROOTFS_SIZE)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=.*@BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=\"$(HYPERVISOR_LINUX_CONFIG)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ + sed "s@^BR2_LINUX_KERNEL_PATCH=.*@BR2_LINUX_KERNEL_PATCH=\"$(HYPERVISOR_LINUX_PATCH)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) BR2_JLEVEL=0 olddefconfig ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) BR2_JLEVEL=0 ;\ fi overlay: - mkdir -p $(OVERLAY_ROOT_DIR); \ - mkdir -p $(OVERLAY_DIR); \ - cp $(ROOTFS_SOURCE_DIR)/*.sh $(OVERLAY_ROOT_DIR)/ ; \ - rm -rf $(OVERLAY_ROOT_DIR)/ace-kernel-module/ ; \ - cp -r $(ROOTFS_SOURCE_DIR)/ace-kernel-module $(OVERLAY_ROOT_DIR)/ ; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(OVERLAY_ROOT_DIR)/ace-kernel-module/ CROSS_COMPILE=$(CROSS_COMPILE) ARCH=riscv KDIR=$(LINUX_SOURCE_DIR) O=$(LINUX_WORK_DIR) CC="riscv64-unknown-linux-gnu-gcc" - -rootfs: - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) rootfs-ext2 + echo "Setting up the content of the hypervisor's root directory" ;\ + mkdir -p $(HYPERVISOR_OVERLAY_ROOT_DIR); \ + mkdir -p $(HYPERVISOR_OVERLAY_DIR); \ + cp $(HYPERVISOR_ROOTFS_SOURCE_DIR)/*.sh $(HYPERVISOR_OVERLAY_ROOT_DIR)/ -linux: setup patch - if [ ! 
-f "${LINUX_IMAGE}" ]; then \ - echo "Building Linux kernel"; \ - rm -rf $(LINUX_WORK_DIR); \ - mkdir -p $(LINUX_WORK_DIR); \ - cp $(CONFIGURATION_DIR)/linux64-defconfig $(LINUX_WORK_DIR)/.config; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -C $(LINUX_SOURCE_DIR) O=$(LINUX_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) ARCH=riscv olddefconfig; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -C $(LINUX_SOURCE_DIR) O=$(LINUX_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) ARCH=riscv modules >/dev/null; \ - PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -C $(LINUX_SOURCE_DIR) O=$(LINUX_WORK_DIR) CROSS_COMPILE=$(CROSS_COMPILE) ARCH=riscv >/dev/null; \ - fi +dev: + sed "s@^BR2_PACKAGE_OVERRIDE_FILE=.*@BR2_PACKAGE_OVERRIDE_FILE=\"$(HYPERVISOR_BUILDROOT_OVERRIDE_DIR)\"@g" -i $(BUILDROOT_WORK_DIR)/.config; \ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) BR2_JLEVEL=0 linux-rebuild all + +rootfs: overlay + echo "Generating hypervisor's root filesystem" ;\ + PATH="$(RISCV_GNU_TOOLCHAIN_WORK_DIR)/bin:$(PATH)" $(MAKE) -s -C $(BUILDROOT_SOURCE_DIR) RISCV=$(RISCV_GNU_TOOLCHAIN_WORK_DIR) PATH=$(PATH) O=$(BUILDROOT_WORK_DIR) rootfs-ext2 clean: - rm -rf $(ACE_DIR) + rm -rf $(HYPERVISOR_WORK_DIR) .PHONY: all buildroot linux clean overlay rootfs diff --git a/hypervisor/configurations/qemu_riscv64_virt_defconfig b/hypervisor/configurations/qemu_riscv64_virt_defconfig index 2858a3f..22b3dad 100644 --- a/hypervisor/configurations/qemu_riscv64_virt_defconfig +++ b/hypervisor/configurations/qemu_riscv64_virt_defconfig 
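Review bot: The `buildroot` recipe in hypervisor/Makefile chains `cp`, the four `sed` edits and the two `$(MAKE)` calls with `;`, so a failed copy or substitution does not stop the build and only the last command's status is reported. Because the `sed` expressions are what point Buildroot at `$(HYPERVISOR_LINUX_CONFIG)` and `$(HYPERVISOR_LINUX_PATCH)`, a silent failure there can yield a hypervisor kernel built without the intended config or the ACE patch. Joining the steps with `&&`, or starting the block with `set -e;`, makes the recipe fail at the first error. The `.PHONY` line is also stale: `linux` no longer exists while `setup` and `dev` are missing, e.g. `.PHONY: all setup buildroot overlay dev rootfs clean`.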
@@ -29,45 +29,47 @@ BR2_TARGET_GENERIC_ROOT_PASSWD="passwd" # Filesystem BR2_TARGET_ROOTFS_EXT2=y BR2_ROOTFS_OVERLAY="" -BR2_TARGET_ROOTFS_EXT2_3=y -BR2_TARGET_ROOTFS_EXT2_SIZE=400M - - -# Linux headers same as kernel, a 5.12 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_1=y +BR2_TARGET_ROOTFS_EXT2_2=n +BR2_TARGET_ROOTFS_EXT2_3=n +BR2_TARGET_ROOTFS_EXT2_4=y +BR2_TARGET_ROOTFS_EXT2_SIZE="5G" # Kernel -# BR2_LINUX_KERNEL=y -# BR2_LINUX_KERNEL_CUSTOM_VERSION=y -# BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.1.12" +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.3-rc5" +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_3=y # BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y -# BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y -# BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_KEYSTONE_PATH)/configs/linux64-defconfig" -# BR2_LINUX_KERNEL_IMAGE=y - -# Bootloader -# BR2_TARGET_OPENSBI=y -# BR2_TARGET_OPENSBI_USE_PLAT=y -# BR2_TARGET_OPENSBI_PLAT="qemu/virt" +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="" +BR2_LINUX_KERNEL_IMAGE=y +BR2_LINUX_KERNEL_VMLINUX=y +BR2_LINUX_KERNEL_BZIMAGE=y +# specify patches of the linux kernel +BR2_LINUX_KERNEL_PATCH="" +# development with custom Linux kernel sources +BR2_PACKAGE_OVERRIDE_FILE="" # Packages BR2_PACKAGE_DROPBEAR=y # Qemu -BR2_riscv=y BR2_PACKAGE_QEMU=y BR2_PACKAGE_QEMU_SLIRP=y BR2_PACKAGE_QEMU_SYSTEM=y +# build just QEMU for riscv64 +BR2_PACKAGE_QEMU_CHOOSE_TARGETS=y BR2_PACKAGE_QEMU_TARGET_RISCV64=y -#BR2_PACKAGE_QEMU_CUSTOM_TARGETS="riscv64-softmmu,riscv64-linux-user" +# BR2_PACKAGE_QEMU_HAS_EMULS=y BR2_PACKAGE_QEMU_FDT=y BR2_PACKAGE_QEMU_TOOLS=y BR2_PACKAGE_HOST_QEMU=y BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y +BR2_PACKAGE_QEMU_BLOBS=y + +# below not needed? BR2_TARGET_OPENSBI=y -BR2_TARGET_OPENSBI_CUSTOM_VERSION=y -BR2_TARGET_OPENSBI_CUSTOM_VERSION_VALUE="1.1" BR2_TARGET_OPENSBI_PLAT="generic" #BR2_PACKAGE_DEVMEM2=y 
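Review bot: The kernel block now sets `BR2_LINUX_KERNEL_IMAGE=y`, `BR2_LINUX_KERNEL_VMLINUX=y` and `BR2_LINUX_KERNEL_BZIMAGE=y` together, but in Buildroot these are alternatives of one "Kernel binary format" choice and bzImage is not offered for RISC-V, so the `olddefconfig` step will keep at most one of them and drop the rest without saying so. The top-level Makefile points `LINUX_IMAGE` at `buildroot/images/Image`, so I would keep only `BR2_LINUX_KERNEL_IMAGE=y` and delete the other two lines, which makes the defconfig state what is actually built. The `# below not needed?` comment above `BR2_TARGET_OPENSBI=y` should also be resolved before merge: with the `1.1` pin removed, the OpenSBI version now follows whatever the Buildroot checkout defaults to, which makes the firmware in the image harder to reproduce.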
@@ -75,10 +77,13 @@ BR2_TARGET_OPENSBI_PLAT="generic" ### # BR2_TOOLCHAIN_BUILDROOT_GLIBC=y # BR2_TOOLCHAIN_BUILDROOT_CXX=y -BR2_PACKAGE_HOST_GDB=y -BR2_PACKAGE_HOST_GDB_TUI=y -BR2_PACKAGE_HOST_GDB_PYTHON3=y +# BR2_PACKAGE_HOST_GDB=y +# BR2_PACKAGE_HOST_GDB_TUI=y +# BR2_PACKAGE_HOST_GDB_PYTHON3=y # BR2_CCACHE=y # BR2_CCACHE_INITIAL_SETUP="-M0 -F0" -# BR2_PER_PACKAGE_DIRECTORIES=y # BR2_SSP_NONE=y + +BR2_PER_PACKAGE_DIRECTORIES=y +BR2_VERBOSE=0 + diff --git a/hypervisor/linux b/hypervisor/linux deleted file mode 160000 index 7e364e5..0000000 --- a/hypervisor/linux +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 7e364e56293bb98cae1b55fd835f5991c4e96e7d diff --git a/hypervisor/configurations/patches/linux/linux-kernel-6.3.0-rc5.patch b/hypervisor/patches/linux/6.3-rc5/ace_support.patch similarity index 84% rename from hypervisor/configurations/patches/linux/linux-kernel-6.3.0-rc5.patch rename to hypervisor/patches/linux/6.3-rc5/ace_support.patch index 00e55b4..f8a5264 100644 --- a/hypervisor/configurations/patches/linux/linux-kernel-6.3.0-rc5.patch +++ b/hypervisor/patches/linux/6.3-rc5/ace_support.patch @@ -1,5 +1,5 @@ diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h -index cc7da66ee0c0..a52718c3dbd7 100644 +index cc7da66ee0c0..3e1ab6d5cf55 100644 --- a/arch/riscv/include/asm/kvm_host.h +++ b/arch/riscv/include/asm/kvm_host.h @@ -154,6 +154,7 @@ struct kvm_vcpu_csr { @@ -16,8 +16,8 @@ index cc7da66ee0c0..a52718c3dbd7 100644 struct kvm_pmu pmu_context; + + // ACE START -+ bool is_svm; -+ unsigned long svm_id; ++ bool is_confidential_vm; ++ unsigned long confidential_vm_id; + unsigned long vcpu_id; + // ACE END }; @@ -77,18 +77,10 @@ index 278e97c06e0a..56bfdde53fa4 100644 +kvm-y += vcpu_sbi_ace.o kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o vcpu_sbi_pmu.o diff --git a/arch/riscv/kvm/mmu.c b/arch/riscv/kvm/mmu.c -index 78211aed36fa..5860fc82611a 100644 +index 78211aed36fa..73ea8455d9aa 100644 --- a/arch/riscv/kvm/mmu.c 
+++ b/arch/riscv/kvm/mmu.c -@@ -480,6 +480,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, - - mmap_read_lock(current->mm); - -+ - /* - * A memory region could potentially cover multiple VMAs, and - * any holes between them, so iterate over all of them to find -@@ -627,7 +628,6 @@ int kvm_riscv_gstage_map(struct kvm_vcpu *vcpu, +@@ -627,7 +627,6 @@ int kvm_riscv_gstage_map(struct kvm_vcpu *vcpu, bool logging = (memslot->dirty_bitmap && !(memslot->flags & KVM_MEM_READONLY)) ? true : false; unsigned long vma_pagesize, mmu_seq; @@ -97,19 +89,10 @@ index 78211aed36fa..5860fc82611a 100644 vma = vma_lookup(current->mm, hva); diff --git a/arch/riscv/kvm/vcpu.c b/arch/riscv/kvm/vcpu.c -index 7d010b0be54e..b93c76ea0ad2 100644 +index 7d010b0be54e..e4e7ab5f3f2d 100644 --- a/arch/riscv/kvm/vcpu.c +++ b/arch/riscv/kvm/vcpu.c -@@ -743,6 +743,8 @@ void kvm_riscv_vcpu_sync_interrupts(struct kvm_vcpu *vcpu) - struct kvm_vcpu_arch *v = &vcpu->arch; - struct kvm_vcpu_csr *csr = &vcpu->arch.guest_csr; - -+ // printk(KERN_INFO "kvm_riscv_vcpu_sync_interrupts\n"); -+ - /* Read current HVIP and VSIE CSRs */ - csr->vsie = csr_read(CSR_VSIE); - -@@ -982,10 +984,19 @@ static void kvm_riscv_update_hvip(struct kvm_vcpu *vcpu) +@@ -982,10 +982,17 @@ static void kvm_riscv_update_hvip(struct kvm_vcpu *vcpu) */ static void noinstr kvm_riscv_vcpu_enter_exit(struct kvm_vcpu *vcpu) { 
@@ -117,13 +100,11 @@ index 7d010b0be54e..b93c76ea0ad2 100644 - __kvm_riscv_switch_to(&vcpu->arch); - vcpu->arch.last_exit_cpu = vcpu->cpu; - guest_state_exit_irqoff(); -+ if (vcpu->arch.is_svm) { -+ // printk(KERN_INFO "kvm kvm_riscv_vcpu_enter_exit CONFIDENITLA VM!\n"); ++ if (vcpu->arch.is_confidential_vm) { + guest_state_enter_irqoff(); -+ __kvm_riscv_ace_switch_to(&vcpu->arch, 1010, vcpu->arch.svm_id, vcpu->arch.vcpu_id); ++ __kvm_riscv_ace_switch_to(&vcpu->arch, 1010, vcpu->arch.confidential_vm_id, vcpu->arch.vcpu_id); + vcpu->arch.last_exit_cpu = vcpu->cpu; + guest_state_exit_irqoff(); -+ // printk(KERN_INFO "kvm kvm_riscv_vcpu_enter_exit CONFIDENITLA VM EXIT!\n"); + } else { + guest_state_enter_irqoff(); + __kvm_riscv_switch_to(&vcpu->arch); @@ -133,38 +114,19 @@ index 7d010b0be54e..b93c76ea0ad2 100644 } int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) -@@ -999,6 +1010,8 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) - - kvm_vcpu_srcu_read_lock(vcpu); - -+ // printk(KERN_INFO "ACE KVM: kvm_arch_vcpu_ioctl_run: %d\n", run->exit_reason); -+ - switch (run->exit_reason) { - case KVM_EXIT_MMIO: - /* Process MMIO value returned from user-space */ diff --git a/arch/riscv/kvm/vcpu_exit.c b/arch/riscv/kvm/vcpu_exit.c -index 4ea101a73d8b..a872fc01e928 100644 +index 4ea101a73d8b..35811202f271 100644 --- a/arch/riscv/kvm/vcpu_exit.c 
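Review bot: In the new body of `kvm_riscv_vcpu_enter_exit` the two branches differ only in the switch call, and the confidential branch passes the bare literal `1010` as the SM-call function ID. I would hoist `guest_state_enter_irqoff()`, the `last_exit_cpu` update and `guest_state_exit_irqoff()` out of the `if` so the noinstr section has a single entry/exit sequence to audit, and name the ID next to the other ACE constants, e.g. `#define ACE_FID_RESUME 1010` (the name is only a suggestion). The 6.8-rc4 copy of `__kvm_riscv_ace_switch_to` later on this page forwards a2–a5 into t0–t3, while this call supplies only two arguments after the ID, so t2 and t3 would carry whatever the caller left in a4/a5; passing explicit zeros or not forwarding them would make the SM-call arguments deterministic. The function's signature and opening brace are outside this hunk.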
+++ b/arch/riscv/kvm/vcpu_exit.c -@@ -24,6 +24,8 @@ static int gstage_page_fault(struct kvm_vcpu *vcpu, struct kvm_run *run, +@@ -23,6 +23,7 @@ static int gstage_page_fault(struct kvm_vcpu *vcpu, struct kvm_run *run, + gfn = fault_addr >> PAGE_SHIFT; memslot = gfn_to_memslot(vcpu->kvm, gfn); hva = gfn_to_hva_memslot_prot(memslot, gfn, &writable); - + // kvm_err("gstage_page_fault A fault_addr=%lx hva=%lx writable=%d\n", fault_addr, hva, writable); -+ + if (kvm_is_error_hva(hva) || (trap->scause == EXC_STORE_GUEST_PAGE_FAULT && !writable)) { - switch (trap->scause) { -@@ -40,6 +42,8 @@ static int gstage_page_fault(struct kvm_vcpu *vcpu, struct kvm_run *run, - }; - } - -+ // kvm_err("gstage_page_fault B kvm_riscv_gstage_map %lx %lx %lx %lx\n", fault_addr, hva, trap->htval, trap->stval); -+ - ret = kvm_riscv_gstage_map(vcpu, memslot, fault_addr, hva, - (trap->scause == EXC_STORE_GUEST_PAGE_FAULT) ? true : false); - if (ret < 0) -@@ -65,6 +69,8 @@ unsigned long kvm_riscv_vcpu_unpriv_read(struct kvm_vcpu *vcpu, +@@ -65,6 +66,8 @@ unsigned long kvm_riscv_vcpu_unpriv_read(struct kvm_vcpu *vcpu, register unsigned long ttmp asm("a1"); unsigned long flags, val, tmp, old_stvec, old_hstatus; @@ -173,7 +135,7 @@ index 4ea101a73d8b..a872fc01e928 100644 local_irq_save(flags); old_hstatus = csr_swap(CSR_HSTATUS, vcpu->arch.guest_context.hstatus); -@@ -175,32 +181,57 @@ int kvm_riscv_vcpu_exit(struct kvm_vcpu *vcpu, struct kvm_run *run, +@@ -175,12 +178,15 @@ int kvm_riscv_vcpu_exit(struct kvm_vcpu *vcpu, struct kvm_run *run, int ret; /* If we got host interrupt then do nothing */ 
@@ -185,21 +147,17 @@ index 4ea101a73d8b..a872fc01e928 100644 /* Handle guest traps */ ret = -EFAULT; run->exit_reason = KVM_EXIT_UNKNOWN; -+ + // kvm_err("kvm_riscv_vcpu_exit: cause=%ld\n", trap->scause); + switch (trap->scause) { case EXC_INST_ILLEGAL: if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) { -+ // kvm_err("kvm_riscv_vcpu_exit: enter EXC_INST_ILLEGAL\n"); - kvm_riscv_vcpu_trap_redirect(vcpu, trap); - ret = 1; +@@ -189,18 +195,21 @@ int kvm_riscv_vcpu_exit(struct kvm_vcpu *vcpu, struct kvm_run *run, } break; case EXC_VIRTUAL_INST_FAULT: - if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) + if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) { -+ // kvm_err("kvm_riscv_vcpu_exit: enter EXC_VIRTUAL_INST_FAULT\n"); ret = kvm_riscv_vcpu_virtual_insn(vcpu, run, trap); + } break; 
@@ -208,35 +166,19 @@ index 4ea101a73d8b..a872fc01e928 100644 case EXC_STORE_GUEST_PAGE_FAULT: - if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) + if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) { -+ // kvm_err("SEPC=0x%lx SSTATUS=0x%lx HSTATUS=0x%lx\n", vcpu->arch.guest_context.sepc, vcpu->arch.guest_context.sstatus, vcpu->arch.guest_context.hstatus); -+ // kvm_err("hvip=0x%lx scounteren=0x%lx htinst=0x%lx\n", vcpu->arch.guest_csr.hvip, vcpu->arch.guest_csr.scounteren, vcpu->arch.guest_csr.htinst); -+ // kvm_err("SCAUSE=0x%lx STVAL=0x%lx HTVAL=0x%lx HTINST=0x%lx\n", trap->scause, trap->stval, trap->htval, trap->htinst); -+ // kvm_err("0=0x%lx 1=0x%lx 2=0x%lx\n", vcpu->arch.guest_context.zero, vcpu->arch.guest_context.ra, vcpu->arch.guest_context.sp); -+ // kvm_err("3=0x%lx 4=0x%lx 5=0x%lx\n", vcpu->arch.guest_context.gp, vcpu->arch.guest_context.tp, vcpu->arch.guest_context.t0); -+ // kvm_err("6=0x%lx 7=0x%lx 8=0x%lx\n", vcpu->arch.guest_context.t1, vcpu->arch.guest_context.t2, vcpu->arch.guest_context.s0); -+ // kvm_err("9=0x%lx 10=0x%lx 11=0x%lx\n", vcpu->arch.guest_context.s1, vcpu->arch.guest_context.a0, vcpu->arch.guest_context.a1); -+ // kvm_err("12=0x%lx 13=0x%lx 14=0x%lx\n", vcpu->arch.guest_context.a2, vcpu->arch.guest_context.a3, vcpu->arch.guest_context.a4); -+ // kvm_err("15=0x%lx 16=0x%lx 17=0x%lx\n", vcpu->arch.guest_context.a5, vcpu->arch.guest_context.a6, vcpu->arch.guest_context.a7); -+ // kvm_err("18=0x%lx 19=0x%lx 20=0x%lx\n", vcpu->arch.guest_context.s2, vcpu->arch.guest_context.s3, vcpu->arch.guest_context.s4); -+ // kvm_err("21=0x%lx 22=0x%lx 23=0x%lx\n", vcpu->arch.guest_context.s5, vcpu->arch.guest_context.s6, vcpu->arch.guest_context.s7); -+ // kvm_err("24=0x%lx 25=0x%lx 26=0x%lx\n", vcpu->arch.guest_context.s8, vcpu->arch.guest_context.s9, vcpu->arch.guest_context.s10); -+ // kvm_err("27=0x%lx 28=0x%lx 29=0x%lx\n", vcpu->arch.guest_context.s11, vcpu->arch.guest_context.t3, vcpu->arch.guest_context.t4); -+ // kvm_err("30=0x%lx 
31=0x%lx\n", vcpu->arch.guest_context.t5, vcpu->arch.guest_context.t6); -+ // kvm_err("kvm_riscv_vcpu_exit: enter EXC_STORE_GUEST_PAGE_FAULT\n"); ret = gstage_page_fault(vcpu, run, trap); + } break; case EXC_SUPERVISOR_SYSCALL: - if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) + if (vcpu->arch.guest_context.hstatus & HSTATUS_SPV) { -+ // kvm_err("kvm_riscv_vcpu_exit: enter EXC_SUPERVISOR_SYSCALL\n"); ret = kvm_riscv_vcpu_sbi_ecall(vcpu, run); + } break; default: break; diff --git a/arch/riscv/kvm/vcpu_insn.c b/arch/riscv/kvm/vcpu_insn.c -index f689337b78ff..fa7ffb6f2bf5 100644 +index f689337b78ff..25b4cdc930cb 100644 --- a/arch/riscv/kvm/vcpu_insn.c +++ b/arch/riscv/kvm/vcpu_insn.c @@ -106,6 +106,7 @@ @@ -252,7 +194,7 @@ index f689337b78ff..fa7ffb6f2bf5 100644 if (insn == 0) { ct = &vcpu->arch.guest_context; - insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, -+ if (vcpu->arch.is_svm) { ++ if (vcpu->arch.is_confidential_vm) { + // this is a hack because we have difficulties setting up htinst + // from the M-mode. A workaround is to store htinst in t6. + insn = ct->t6; @@ -282,7 +224,7 @@ index f689337b78ff..fa7ffb6f2bf5 100644 */ - insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, - &utrap); -+ if (vcpu->arch.is_svm) { ++ if (vcpu->arch.is_confidential_vm) { + // this is a hack because we have difficulties setting up htinst + // from the M-mode. A workaround is to store htinst in t6. + insn = ct->t6; @@ -324,7 +266,7 @@ index f689337b78ff..fa7ffb6f2bf5 100644 */ - insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, - &utrap); -+ if (vcpu->arch.is_svm) { ++ if (vcpu->arch.is_confidential_vm) { + // this is a hack because we have difficulties setting up htinst + // from the M-mode. A workaround is to store htinst in t6. + insn = ct->t6; @@ -410,7 +352,7 @@ index f689337b78ff..fa7ffb6f2bf5 100644 (ulong)data64 << shift >> shift); break; 
diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c -index 15fde15f9fb8..c453b2a91983 100644 +index 15fde15f9fb8..d4c0ab57d6a6 100644 --- a/arch/riscv/kvm/vcpu_sbi.c +++ b/arch/riscv/kvm/vcpu_sbi.c @@ -41,6 +41,7 @@ static const struct kvm_vcpu_sbi_extension *sbi_ext[] = { @@ -421,27 +363,18 @@ index 15fde15f9fb8..c453b2a91983 100644 }; void kvm_riscv_vcpu_sbi_forward(struct kvm_vcpu *vcpu, struct kvm_run *run) -@@ -69,6 +70,11 @@ void kvm_riscv_vcpu_sbi_system_reset(struct kvm_vcpu *vcpu, +@@ -69,6 +70,10 @@ void kvm_riscv_vcpu_sbi_system_reset(struct kvm_vcpu *vcpu, unsigned long i; struct kvm_vcpu *tmp; -+ if (vcpu->arch.is_svm) { -+ //sbi_ecall(0x510000, 3001, vcpu->arch.svm_id, 0, 0, 0, 0, 0); -+ vcpu->arch.is_svm = 0; ++ if (vcpu->arch.is_confidential_vm) { ++ vcpu->arch.is_confidential_vm = 0; + } + kvm_for_each_vcpu(i, tmp, vcpu->kvm) tmp->arch.power_off = true; kvm_make_all_cpus_request(vcpu->kvm, KVM_REQ_SLEEP); -@@ -92,6 +98,7 @@ int kvm_riscv_vcpu_sbi_return(struct kvm_vcpu *vcpu, struct kvm_run *run) - /* Update return values */ - cp->a0 = run->riscv_sbi.ret[0]; - cp->a1 = run->riscv_sbi.ret[1]; -+ printk(KERN_INFO "KVM kvm_riscv_vcpu_sbi_return: %d %d\n", cp->a0, cp->a1); - - /* Move to next instruction */ - vcpu->arch.guest_context.sepc += 4; -@@ -127,6 +134,7 @@ int kvm_riscv_vcpu_sbi_ecall(struct kvm_vcpu *vcpu, struct kvm_run *run) +@@ -127,6 +132,7 @@ int kvm_riscv_vcpu_sbi_ecall(struct kvm_vcpu *vcpu, struct kvm_run *run) bool ext_is_v01 = false; sbi_ext = kvm_vcpu_sbi_find_ext(cp->a7); @@ -449,7 +382,7 @@ index 15fde15f9fb8..c453b2a91983 100644 if (sbi_ext && sbi_ext->handler) { #ifdef CONFIG_RISCV_SBI_V01 if (cp->a7 >= SBI_EXT_0_1_SET_TIMER && -@@ -151,6 +159,7 @@ int kvm_riscv_vcpu_sbi_ecall(struct kvm_vcpu *vcpu, struct kvm_run *run) +@@ -151,6 +157,7 @@ int kvm_riscv_vcpu_sbi_ecall(struct kvm_vcpu *vcpu, struct kvm_run *run) /* Handle special error cases i.e trap, exit or userspace forward */ if (sbi_ret.utrap->scause) { 
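Review bot: In the `kvm_riscv_vcpu_sbi_system_reset` hunk (`@@ -69,6 +70,10 @@` on the new side) the confidential flag is cleared only on the vCPU that issued the reset, while the `kvm_sbi_hsm_vcpu_start` change in the same patch sets `is_confidential_vm` on every started sibling. After a reset those siblings would still take the `__kvm_riscv_ace_switch_to` path with a stale `confidential_vm_id` if they are run again. I would clear the state in the existing loop, `kvm_for_each_vcpu(i, tmp, vcpu->kvm) { tmp->arch.power_off = true; tmp->arch.is_confidential_vm = false; }`, which also removes the redundant `if (x) x = 0;`. The deleted commented-out `sbi_ecall` suggests a teardown call to the security monitor was planned; whether the monitor learns of the reset some other way is not visible here and deserves a comment.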
@@ -459,10 +392,10 @@ index 15fde15f9fb8..c453b2a91983 100644 sbi_ret.utrap->sepc = cp->sepc; diff --git a/arch/riscv/kvm/vcpu_sbi_ace.c b/arch/riscv/kvm/vcpu_sbi_ace.c new file mode 100644 -index 000000000000..809a1ef06ec6 +index 000000000000..0e3eee78d537 --- /dev/null +++ b/arch/riscv/kvm/vcpu_sbi_ace.c -@@ -0,0 +1,140 @@ +@@ -0,0 +1,133 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2021 IBM. @@ -497,11 +430,12 @@ index 000000000000..809a1ef06ec6 + gfn_t gfn; + int ret; + long page; ++ unsigned long memory_size = cp->a0; + -+ printk(KERN_INFO "ACE KVM: loading all pages\n"); -+ long memory_start = 0x80000000; -+ long memory_size = 128*1024*1024; // TODO: get the real value -+ long number_of_pages = memory_size / 4096; ++ printk(KERN_INFO "ACE KVM: Loading all pages\n"); ++ unsigned long memory_start = 0x80000000; ++ // unsigned long number_of_pages = memory_size / 4096; ++ unsigned long number_of_pages = 1024*1024; // ~4GiB because a page is 4KiB; + for (page=0; page> PAGE_SHIFT; @@ -519,14 +453,14 @@ index 000000000000..809a1ef06ec6 +{ + struct kvm *kvm = vcpu->kvm; + struct kvm_cpu_context *cp = &vcpu->arch.guest_context; -+ unsigned long svm_id = cp->a0; ++ unsigned long confidential_vm_id = cp->a0; + unsigned long vcpu_id = cp->a1; + -+ vcpu->arch.is_svm = 1; -+ vcpu->arch.svm_id = svm_id; ++ vcpu->arch.is_confidential_vm = 1; ++ vcpu->arch.confidential_vm_id = confidential_vm_id; + vcpu->arch.vcpu_id = vcpu_id; + -+ printk(KERN_INFO "ACE KVM: registered SVM[id=%ld]\n", svm_id); ++ printk(KERN_INFO "ACE KVM: registered new confidential VM id=%ld\n", confidential_vm_id); + + return 0; +} 
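Review bot: In `kvm_sbi_ace_load_all_pages` the new `memory_size = cp->a0` is read from a guest register and then never used, because `number_of_pages` is hard-coded to `1024*1024`. Every call therefore walks about a million guest frames with `kvm->lock` held (the handler takes the mutex around this function), and any guest that issues the ACE extension call can trigger it. I would derive the count from the argument and bound it by the VM's real memory, e.g. `number_of_pages = memory_size >> PAGE_SHIFT;` followed by a check against the memslot sizes, and stop on the first failing `kvm_riscv_gstage_map` instead of discarding its return value. `page` is declared `long` but compared with an `unsigned long`; making both unsigned avoids the mixed-sign comparison. The function body starts and ends outside this hunk, and the loop line is garbled on this page, so the loop condition is inferred.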
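Review bot: `kvm_sbi_ace_register_svm` copies `cp->a0` and `cp->a1` straight into `confidential_vm_id` and `vcpu_id` and sets `is_confidential_vm = 1` with no validation, so the identifier later passed to the security monitor on every vCPU entry is whatever the caller put in its registers. If only the security monitor is meant to reach this handler, that assumption should be stated in a comment above the function; as written an ordinary guest issuing the ACE extension call appears to reach it too, and the monitor is then the only component checking the ID. At minimum I would refuse a second registration, `if (vcpu->arch.is_confidential_vm) return SBI_ERR_DENIED;`, unless re-registration is intended. The log line prints an `unsigned long` with `%ld`; `%lu` matches the type, and the local `kvm` is unused.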
@@ -534,7 +468,7 @@ index 000000000000..809a1ef06ec6 +static int kvm_sbi_ace_page_in(struct kvm_vcpu *vcpu, struct kvm_vcpu_sbi_return *retdata) +{ + struct kvm_cpu_context *cp = &vcpu->arch.guest_context; -+ unsigned long svm_id = vcpu->arch.svm_id; ++ unsigned long confidential_vm_id = vcpu->arch.confidential_vm_id; + unsigned long hart_id = vcpu->arch.vcpu_id; + unsigned long virt_addr = cp->a0; + unsigned long is_error = 0; @@ -552,16 +486,8 @@ index 000000000000..809a1ef06ec6 + phys_addr_t hpa = hfn << PAGE_SHIFT; + + struct kvm_cpu_context *reset_cntx = &vcpu->arch.guest_reset_context; -+ // reset_cntx = &target_vcpu->arch.; -+ // reset_cntx->sepc = cp->a1; -+ + retdata->out_val = hpa; + -+ // result = sbi_ecall(SECURITY_MONITOR_EXTID, SECURITY_MONITOR_PAGE_IN_FID, cookie, is_error, svm_id, hart_id, hpa, 0); -+ // if (result.error > 0) { -+ // printk(KERN_INFO "KVM: Security Monitor returned error from PAGE_IN sm-call.\n"); -+ // } -+ + return 0; +} + @@ -604,7 +530,7 @@ index 000000000000..809a1ef06ec6 + .handler = kvm_sbi_ext_ace_handler, +}; diff --git a/arch/riscv/kvm/vcpu_sbi_hsm.c b/arch/riscv/kvm/vcpu_sbi_hsm.c -index 7dca0e9381d9..b0fdc4f39d7a 100644 +index 7dca0e9381d9..46f33f29d411 100644 --- a/arch/riscv/kvm/vcpu_sbi_hsm.c +++ b/arch/riscv/kvm/vcpu_sbi_hsm.c @@ -32,8 +32,15 @@ static int kvm_sbi_hsm_vcpu_start(struct kvm_vcpu *vcpu) @@ -613,10 +539,10 @@ index 7dca0e9381d9..b0fdc4f39d7a 100644 reset_cntx->a1 = cp->a2; - kvm_make_request(KVM_REQ_VCPU_RESET, target_vcpu); -+ if (vcpu->arch.is_svm) { ++ if (vcpu->arch.is_confidential_vm) { + printk(KERN_INFO "ACE KVM: starting new vcpu\n"); -+ target_vcpu->arch.is_svm = 1; -+ target_vcpu->arch.svm_id = vcpu->arch.svm_id; ++ target_vcpu->arch.is_confidential_vm = 1; ++ target_vcpu->arch.confidential_vm_id = vcpu->arch.confidential_vm_id; + target_vcpu->arch.vcpu_id = target_vcpuid; + } + 
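Review bot: With the commented-out SM-call removed, `kvm_sbi_ace_page_in` now simply returns `hpa` in `retdata->out_val`, and nothing on the path that produces it is checked. The part of the function above this hunk (visible in the 6.8-rc4 copy later on the page) passes `memslot` and `hva` to `kvm_riscv_gstage_map` without the `memslot != NULL && !kvm_is_error_hva(hva)` test that `kvm_sbi_ace_load_all_pages` applies, ignores the map result, and shifts the `gfn_to_pfn_prot` result without testing it for an error pfn or dropping the page reference that lookup takes. I would add `if (!memslot || kvm_is_error_hva(hva)) return SBI_ERR_INVALID_ADDRESS;` before the map call, reject the pfn when `is_error_noslot_pfn(hfn)` is true, and call `kvm_release_pfn_clean(hfn)` once the address has been computed. `reset_cntx` and the other unused locals (`is_error`, `page_size`, `result`) can go in the same cleanup. Whether a host physical address should be returned to an ordinary guest that issues this call is also worth a comment on the function.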
diff --git a/hypervisor/patches/linux/6.8-rc4/ace_support.patch b/hypervisor/patches/linux/6.8-rc4/ace_support.patch new file mode 100644 index 0000000..d2ccec7 --- /dev/null +++ b/hypervisor/patches/linux/6.8-rc4/ace_support.patch 
@@ -0,0 +1,588 @@ +diff --git a/arch/riscv/include/asm/kvm_host.h b/arch/riscv/include/asm/kvm_host.h +index 484d04a92fa6..26724205e22e 100644 +--- a/arch/riscv/include/asm/kvm_host.h ++++ b/arch/riscv/include/asm/kvm_host.h +@@ -269,6 +269,12 @@ struct kvm_vcpu_arch { + gpa_t shmem; + u64 last_steal; + } sta; ++ ++ // ACE START ++ bool is_confidential_vm; ++ unsigned long confidential_vm_id; ++ unsigned long vcpu_id; ++ // ACE END + }; + + static inline void kvm_arch_sync_events(struct kvm *kvm) {} +@@ -359,6 +365,7 @@ int kvm_riscv_vcpu_exit(struct kvm_vcpu *vcpu, struct kvm_run *run, + struct kvm_cpu_trap *trap); + + void __kvm_riscv_switch_to(struct kvm_vcpu_arch *vcpu_arch); ++void __kvm_riscv_ace_switch_to(struct kvm_vcpu_arch *vcpu_arch, long fid, long arg0, long arg1); + + void kvm_riscv_vcpu_setup_isa(struct kvm_vcpu *vcpu); + unsigned long kvm_riscv_vcpu_num_regs(struct kvm_vcpu *vcpu); +diff --git a/arch/riscv/include/asm/kvm_vcpu_sbi.h b/arch/riscv/include/asm/kvm_vcpu_sbi.h +index b96705258cf9..990233754a05 100644 +--- a/arch/riscv/include/asm/kvm_vcpu_sbi.h ++++ b/arch/riscv/include/asm/kvm_vcpu_sbi.h +@@ -88,6 +88,7 @@ extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_dbcn; + extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_sta; + extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_experimental; + extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_vendor; ++extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_ace; + + #ifdef CONFIG_RISCV_PMU_SBI + extern const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_pmu; +diff --git a/arch/riscv/include/asm/sbi.h b/arch/riscv/include/asm/sbi.h +index 6e68f8dff76b..e3b3b7706258 100644 +--- a/arch/riscv/include/asm/sbi.h ++++ b/arch/riscv/include/asm/sbi.h +@@ -31,6 +31,7 @@ enum sbi_ext_id { + SBI_EXT_SRST = 0x53525354, + SBI_EXT_SUSP = 0x53555350, + SBI_EXT_PMU = 0x504D55, ++ SBI_EXT_ACE = 0x509999, + SBI_EXT_DBCN = 0x4442434E, + SBI_EXT_STA = 0x535441, + +diff --git 
a/arch/riscv/include/uapi/asm/kvm.h b/arch/riscv/include/uapi/asm/kvm.h +index 7499e88a947c..02ead3ea21e4 100644 +--- a/arch/riscv/include/uapi/asm/kvm.h ++++ b/arch/riscv/include/uapi/asm/kvm.h +@@ -183,6 +183,7 @@ enum KVM_RISCV_SBI_EXT_ID { + KVM_RISCV_SBI_EXT_PMU, + KVM_RISCV_SBI_EXT_EXPERIMENTAL, + KVM_RISCV_SBI_EXT_VENDOR, ++ KVM_RISCV_SBI_EXT_ACE, + KVM_RISCV_SBI_EXT_DBCN, + KVM_RISCV_SBI_EXT_STA, + KVM_RISCV_SBI_EXT_MAX, +diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c +index a03129f40c46..0b0829c138f3 100644 +--- a/arch/riscv/kernel/asm-offsets.c ++++ b/arch/riscv/kernel/asm-offsets.c +@@ -162,6 +162,7 @@ void asm_offsets(void) + OFFSET(KVM_ARCH_GUEST_SSTATUS, kvm_vcpu_arch, guest_context.sstatus); + OFFSET(KVM_ARCH_GUEST_HSTATUS, kvm_vcpu_arch, guest_context.hstatus); + OFFSET(KVM_ARCH_GUEST_SCOUNTEREN, kvm_vcpu_arch, guest_csr.scounteren); ++ //OFFSET(KVM_ARCH_GUEST_HTINST, kvm_vcpu_arch, guest_csr.htinst); + + OFFSET(KVM_ARCH_HOST_ZERO, kvm_vcpu_arch, host_context.zero); + OFFSET(KVM_ARCH_HOST_RA, kvm_vcpu_arch, host_context.ra); +diff --git a/arch/riscv/kvm/Makefile b/arch/riscv/kvm/Makefile +index c9646521f113..140bbd2e80c9 100644 +--- a/arch/riscv/kvm/Makefile ++++ b/arch/riscv/kvm/Makefile +@@ -28,6 +28,7 @@ kvm-y += vcpu_sbi_replace.o + kvm-y += vcpu_sbi_hsm.o + kvm-y += vcpu_sbi_sta.o + kvm-y += vcpu_timer.o ++kvm-y += vcpu_sbi_ace.o + kvm-$(CONFIG_RISCV_PMU_SBI) += vcpu_pmu.o vcpu_sbi_pmu.o + kvm-y += aia.o + kvm-y += aia_device.o +diff --git a/arch/riscv/kvm/vcpu.c b/arch/riscv/kvm/vcpu.c +index b5ca9f2e98ac..a9e626e41349 100644 +--- a/arch/riscv/kvm/vcpu.c ++++ b/arch/riscv/kvm/vcpu.c +@@ -668,10 +668,17 @@ static __always_inline void kvm_riscv_vcpu_swap_in_host_state(struct kvm_vcpu *v + static void noinstr kvm_riscv_vcpu_enter_exit(struct kvm_vcpu *vcpu) + { + kvm_riscv_vcpu_swap_in_guest_state(vcpu); +- guest_state_enter_irqoff(); +- __kvm_riscv_switch_to(&vcpu->arch); +- vcpu->arch.last_exit_cpu = vcpu->cpu; 
+- guest_state_exit_irqoff(); ++ if (vcpu->arch.is_confidential_vm) { ++ guest_state_enter_irqoff(); ++ __kvm_riscv_ace_switch_to(&vcpu->arch, 1010, vcpu->arch.confidential_vm_id, vcpu->arch.vcpu_id); ++ vcpu->arch.last_exit_cpu = vcpu->cpu; ++ guest_state_exit_irqoff(); ++ } else { ++ guest_state_enter_irqoff(); ++ __kvm_riscv_switch_to(&vcpu->arch); ++ vcpu->arch.last_exit_cpu = vcpu->cpu; ++ guest_state_exit_irqoff(); ++ } + kvm_riscv_vcpu_swap_in_host_state(vcpu); + } + +diff --git a/arch/riscv/kvm/vcpu_insn.c b/arch/riscv/kvm/vcpu_insn.c +index 7a6abed41bc1..66bcad91440d 100644 +--- a/arch/riscv/kvm/vcpu_insn.c ++++ b/arch/riscv/kvm/vcpu_insn.c +@@ -417,9 +417,15 @@ int kvm_riscv_vcpu_virtual_insn(struct kvm_vcpu *vcpu, struct kvm_run *run, + if (unlikely(INSN_IS_16BIT(insn))) { + if (insn == 0) { + ct = &vcpu->arch.guest_context; +- insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ++ if (vcpu->arch.is_confidential_vm) { ++ // this is a hack because we have difficulties setting up htinst ++ // from the M-mode. A workaround is to store htinst in t6. ++ insn = ct->t6; ++ } else { ++ insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, + ct->sepc, + &utrap); ++ } + if (utrap.scause) { + utrap.sepc = ct->sepc; + kvm_riscv_vcpu_trap_redirect(vcpu, &utrap); +@@ -473,8 +479,14 @@ int kvm_riscv_vcpu_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run, + * Bit[0] == 0 implies trapped instruction value is + * zero or special value. + */ +- insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, ++ if (vcpu->arch.is_confidential_vm) { ++ // this is a hack because we have difficulties setting up htinst ++ // from the M-mode. A workaround is to store htinst in t6. 
++ insn = ct->t6; ++ } else { ++ insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, + &utrap); ++ } + if (utrap.scause) { + /* Redirect trap if we failed to read instruction */ + utrap.sepc = ct->sepc; +@@ -599,8 +611,14 @@ int kvm_riscv_vcpu_mmio_store(struct kvm_vcpu *vcpu, struct kvm_run *run, + * Bit[0] == 0 implies trapped instruction value is + * zero or special value. + */ +- insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, ++ if (vcpu->arch.is_confidential_vm) { ++ // this is a hack because we have difficulties setting up htinst ++ // from the M-mode. A workaround is to store htinst in t6. ++ insn = ct->t6; ++ } else { ++ insn = kvm_riscv_vcpu_unpriv_read(vcpu, true, ct->sepc, + &utrap); ++ } + if (utrap.scause) { + /* Redirect trap if we failed to read instruction */ + utrap.sepc = ct->sepc; +diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c +index 72a2ffb8dcd1..7b1fa864faf3 100644 +--- a/arch/riscv/kvm/vcpu_sbi.c ++++ b/arch/riscv/kvm/vcpu_sbi.c +@@ -82,6 +82,10 @@ static const struct kvm_riscv_sbi_extension_entry sbi_ext[] = { + .ext_idx = KVM_RISCV_SBI_EXT_VENDOR, + .ext_ptr = &vcpu_sbi_ext_vendor, + }, ++ { ++ .ext_idx = KVM_RISCV_SBI_EXT_ACE, ++ .ext_ptr = &vcpu_sbi_ext_ace, ++ }, + }; + + static const struct kvm_riscv_sbi_extension_entry * +@@ -138,6 +142,10 @@ void kvm_riscv_vcpu_sbi_system_reset(struct kvm_vcpu *vcpu, + unsigned long i; + struct kvm_vcpu *tmp; + ++ if (vcpu->arch.is_confidential_vm) { ++ vcpu->arch.is_confidential_vm = 0; ++ } ++ + kvm_for_each_vcpu(i, tmp, vcpu->kvm) + tmp->arch.power_off = true; + kvm_make_all_cpus_request(vcpu->kvm, KVM_REQ_SLEEP); +diff --git a/arch/riscv/kvm/vcpu_sbi_ace.c b/arch/riscv/kvm/vcpu_sbi_ace.c +new file mode 100644 +index 000000000000..0e3eee78d537 +--- /dev/null ++++ b/arch/riscv/kvm/vcpu_sbi_ace.c +@@ -0,0 +1,133 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * Copyright (c) 2021 IBM. 
++ * ++ * Authors: ++ * Wojciech Ozga ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++const int SECURITY_MONITOR_EXTID = 0x510000; ++const int SECURITY_MONITOR_PAGE_IN_FID = 2003; ++ ++const int SBI_EXT_ACE_LOAD_ALL_PAGES = 0; ++const int SBI_EXT_ACE_REGISTER_SVM = 1; ++const int SBI_EXT_ACE_PAGE_IN = 2; ++ ++phys_addr_t test_phys_addr = 0; ++ ++static int kvm_sbi_ace_load_all_pages(struct kvm_vcpu *vcpu) ++{ ++ struct kvm_cpu_context *cp = &vcpu->arch.guest_context; ++ struct kvm_memory_slot *memslot; ++ unsigned long hva, fault_addr; ++ bool writable; ++ gfn_t gfn; ++ int ret; ++ long page; ++ unsigned long memory_size = cp->a0; ++ ++ printk(KERN_INFO "ACE KVM: Loading all pages\n"); ++ unsigned long memory_start = 0x80000000; ++ // unsigned long number_of_pages = memory_size / 4096; ++ unsigned long number_of_pages = 1024*1024; // ~4GiB because a page is 4KiB; ++ for (page=0; page> PAGE_SHIFT; ++ memslot = gfn_to_memslot(vcpu->kvm, gfn); ++ hva = gfn_to_hva_memslot_prot(memslot, gfn, &writable); ++ if (memslot != NULL && !kvm_is_error_hva(hva)) { ++ kvm_riscv_gstage_map(vcpu, memslot, fault_addr, hva, true); ++ } ++ } ++ ++ return 0; ++} ++ ++static int kvm_sbi_ace_register_svm(struct kvm_vcpu *vcpu) ++{ ++ struct kvm *kvm = vcpu->kvm; ++ struct kvm_cpu_context *cp = &vcpu->arch.guest_context; ++ unsigned long confidential_vm_id = cp->a0; ++ unsigned long vcpu_id = cp->a1; ++ ++ vcpu->arch.is_confidential_vm = 1; ++ vcpu->arch.confidential_vm_id = confidential_vm_id; ++ vcpu->arch.vcpu_id = vcpu_id; ++ ++ printk(KERN_INFO "ACE KVM: registered new confidential VM id=%ld\n", confidential_vm_id); ++ ++ return 0; ++} ++ ++static int kvm_sbi_ace_page_in(struct kvm_vcpu *vcpu, struct kvm_vcpu_sbi_return *retdata) ++{ ++ struct kvm_cpu_context *cp = &vcpu->arch.guest_context; ++ unsigned long confidential_vm_id = vcpu->arch.confidential_vm_id; ++ unsigned long hart_id = vcpu->arch.vcpu_id; ++ unsigned long virt_addr = cp->a0; 
++ unsigned long is_error = 0; ++ int page_size = 4096; ++ struct sbiret result; ++ bool writable; ++ ++ gpa_t gpa = virt_addr; ++ gfn_t gfn = gpa >> PAGE_SHIFT; ++ ++ struct kvm_memory_slot *memslot = gfn_to_memslot(vcpu->kvm, gfn); ++ phys_addr_t hva = gfn_to_hva_memslot_prot(memslot, gfn, &writable); ++ kvm_riscv_gstage_map(vcpu, memslot, gpa, hva, true); ++ unsigned long hfn = gfn_to_pfn_prot(vcpu->kvm, gfn, true, NULL); ++ phys_addr_t hpa = hfn << PAGE_SHIFT; ++ ++ struct kvm_cpu_context *reset_cntx = &vcpu->arch.guest_reset_context; ++ retdata->out_val = hpa; ++ ++ return 0; ++} ++ ++static int kvm_sbi_ext_ace_handler(struct kvm_vcpu *vcpu, struct kvm_run *run, ++ struct kvm_vcpu_sbi_return *retdata) ++{ ++ int ret = 0; ++ struct kvm_cpu_context *cp = &vcpu->arch.guest_context; ++ struct kvm *kvm = vcpu->kvm; ++ unsigned long funcid = cp->a6; ++ ++ switch (funcid) { ++ case SBI_EXT_ACE_LOAD_ALL_PAGES: ++ mutex_lock(&kvm->lock); ++ ret = kvm_sbi_ace_load_all_pages(vcpu); ++ mutex_unlock(&kvm->lock); ++ break; ++ case SBI_EXT_ACE_REGISTER_SVM: ++ mutex_lock(&kvm->lock); ++ ret = kvm_sbi_ace_register_svm(vcpu); ++ mutex_unlock(&kvm->lock); ++ break; ++ case SBI_EXT_ACE_PAGE_IN: ++ mutex_lock(&kvm->lock); ++ ret = kvm_sbi_ace_page_in(vcpu, retdata); ++ mutex_unlock(&kvm->lock); ++ break; ++ default: ++ ret = SBI_ERR_NOT_SUPPORTED; ++ } ++ ++ retdata->err_val = ret; ++ ++ return 0; ++} ++ ++const struct kvm_vcpu_sbi_extension vcpu_sbi_ext_ace = { ++ .extid_start = SBI_EXT_ACE, ++ .extid_end = SBI_EXT_ACE, ++ .handler = kvm_sbi_ext_ace_handler, ++}; +diff --git a/arch/riscv/kvm/vcpu_sbi_hsm.c b/arch/riscv/kvm/vcpu_sbi_hsm.c +index 7dca0e9381d9..4507f99e07fb 100644 +--- a/arch/riscv/kvm/vcpu_sbi_hsm.c ++++ b/arch/riscv/kvm/vcpu_sbi_hsm.c +@@ -32,6 +32,13 @@ static int kvm_sbi_hsm_vcpu_start(struct kvm_vcpu *vcpu) + reset_cntx->a0 = target_vcpuid; + /* private data passed from kernel */ + reset_cntx->a1 = cp->a2; ++ ++ if (vcpu->arch.is_confidential_vm) { ++ 
printk(KERN_INFO "ACE KVM: starting new vcpu\n"); ++ target_vcpu->arch.is_confidential_vm = 1; ++ target_vcpu->arch.confidential_vm_id = vcpu->arch.confidential_vm_id; ++ target_vcpu->arch.vcpu_id = target_vcpuid; ++ } + kvm_make_request(KVM_REQ_VCPU_RESET, target_vcpu); + + kvm_riscv_vcpu_power_on(target_vcpu); +diff --git a/arch/riscv/kvm/vcpu_switch.S b/arch/riscv/kvm/vcpu_switch.S +index 0c26189aa01c..a570bc94b76b 100644 +--- a/arch/riscv/kvm/vcpu_switch.S ++++ b/arch/riscv/kvm/vcpu_switch.S +@@ -210,6 +210,216 @@ SYM_FUNC_START(__kvm_riscv_switch_to) + ret + SYM_FUNC_END(__kvm_riscv_switch_to) + ++# ACE START, ++# a0 - address of the vcpu->arch ++# a1 - SM-call function ID ++# a2 - first argument of the SM-call ++SYM_CODE_START(__kvm_riscv_ace_switch_to) ++ /* Save Host GPRs (except A0 and T0-T6) */ ++ REG_S ra, (KVM_ARCH_HOST_RA)(a0) ++ REG_S sp, (KVM_ARCH_HOST_SP)(a0) ++ REG_S gp, (KVM_ARCH_HOST_GP)(a0) ++ REG_S tp, (KVM_ARCH_HOST_TP)(a0) ++ REG_S s0, (KVM_ARCH_HOST_S0)(a0) ++ REG_S s1, (KVM_ARCH_HOST_S1)(a0) ++ REG_S a1, (KVM_ARCH_HOST_A1)(a0) ++ REG_S a2, (KVM_ARCH_HOST_A2)(a0) ++ REG_S a3, (KVM_ARCH_HOST_A3)(a0) ++ REG_S a4, (KVM_ARCH_HOST_A4)(a0) ++ REG_S a5, (KVM_ARCH_HOST_A5)(a0) ++ REG_S a6, (KVM_ARCH_HOST_A6)(a0) ++ REG_S a7, (KVM_ARCH_HOST_A7)(a0) ++ REG_S s2, (KVM_ARCH_HOST_S2)(a0) ++ REG_S s3, (KVM_ARCH_HOST_S3)(a0) ++ REG_S s4, (KVM_ARCH_HOST_S4)(a0) ++ REG_S s5, (KVM_ARCH_HOST_S5)(a0) ++ REG_S s6, (KVM_ARCH_HOST_S6)(a0) ++ REG_S s7, (KVM_ARCH_HOST_S7)(a0) ++ REG_S s8, (KVM_ARCH_HOST_S8)(a0) ++ REG_S s9, (KVM_ARCH_HOST_S9)(a0) ++ REG_S s10, (KVM_ARCH_HOST_S10)(a0) ++ REG_S s11, (KVM_ARCH_HOST_S11)(a0) ++ ++ /* Load Guest CSR values */ ++ REG_L t0, (KVM_ARCH_GUEST_SSTATUS)(a0) ++ REG_L t1, (KVM_ARCH_GUEST_HSTATUS)(a0) ++ REG_L t2, (KVM_ARCH_GUEST_SCOUNTEREN)(a0) ++ la t4, __kvm_ace_switch_return ++ REG_L t5, (KVM_ARCH_GUEST_SEPC)(a0) ++ ++ /* Save Host and Restore Guest SSTATUS */ ++ csrrw t0, CSR_SSTATUS, t0 ++ ++ /* Save Host and Restore Guest 
HSTATUS */ ++ csrrw t1, CSR_HSTATUS, t1 ++ ++ /* Save Host and Restore Guest SCOUNTEREN */ ++ csrrw t2, CSR_SCOUNTEREN, t2 ++ ++ /* Save Host STVEC and change it to return path */ ++ csrrw t4, CSR_STVEC, t4 ++ ++ /* Save Host SSCRATCH and change it to struct kvm_vcpu_arch pointer */ ++ csrrw t3, CSR_SSCRATCH, a0 ++ ++ /* Restore Guest SEPC */ ++ csrw CSR_SEPC, t5 ++ ++ /* Store Host CSR values */ ++ REG_S t0, (KVM_ARCH_HOST_SSTATUS)(a0) ++ REG_S t1, (KVM_ARCH_HOST_HSTATUS)(a0) ++ REG_S t2, (KVM_ARCH_HOST_SCOUNTEREN)(a0) ++ REG_S t3, (KVM_ARCH_HOST_SSCRATCH)(a0) ++ REG_S t4, (KVM_ARCH_HOST_STVEC)(a0) ++ ++ # invoke security monitor resume sm-call ++ li a7, 0x510000 # ACE_EXT_ID that identifies SM-call ++ add a6, a1, 0 # function ID ++ add t0, a2, 0 # first argument of the SM-call ++ add t1, a3, 0 # 2nd argument of the SM-call ++ add t2, a4, 0 # 3rd argument of the SM-call ++ add t3, a5, 0 # 4th argument of the SM-call ++ ++ /* Restore Guest GPRs (except A0) */ ++ REG_L ra, (KVM_ARCH_GUEST_RA)(a0) ++ REG_L sp, (KVM_ARCH_GUEST_SP)(a0) ++ REG_L gp, (KVM_ARCH_GUEST_GP)(a0) ++ REG_L tp, (KVM_ARCH_GUEST_TP)(a0) ++ # our convention: we use t0-t5 as arguments to ACE ++ # because a0-a5 is used by KVM for hcalls, mmio etc ++ # REG_L t0, (KVM_ARCH_GUEST_T0)(a0) ++ # REG_L t1, (KVM_ARCH_GUEST_T1)(a0) ++ # REG_L t2, (KVM_ARCH_GUEST_T2)(a0) ++ REG_L s0, (KVM_ARCH_GUEST_S0)(a0) ++ REG_L s1, (KVM_ARCH_GUEST_S1)(a0) ++ REG_L a1, (KVM_ARCH_GUEST_A1)(a0) ++ REG_L a2, (KVM_ARCH_GUEST_A2)(a0) ++ REG_L a3, (KVM_ARCH_GUEST_A3)(a0) ++ REG_L a4, (KVM_ARCH_GUEST_A4)(a0) ++ REG_L a5, (KVM_ARCH_GUEST_A5)(a0) ++ # REG_L a6, (KVM_ARCH_GUEST_A6)(a0) ++ # REG_L a7, (KVM_ARCH_GUEST_A7)(a0) ++ REG_L s2, (KVM_ARCH_GUEST_S2)(a0) ++ REG_L s3, (KVM_ARCH_GUEST_S3)(a0) ++ REG_L s4, (KVM_ARCH_GUEST_S4)(a0) ++ REG_L s5, (KVM_ARCH_GUEST_S5)(a0) ++ REG_L s6, (KVM_ARCH_GUEST_S6)(a0) ++ REG_L s7, (KVM_ARCH_GUEST_S7)(a0) ++ REG_L s8, (KVM_ARCH_GUEST_S8)(a0) ++ REG_L s9, (KVM_ARCH_GUEST_S9)(a0) ++ REG_L s10, 
(KVM_ARCH_GUEST_S10)(a0) ++ REG_L s11, (KVM_ARCH_GUEST_S11)(a0) ++ # REG_L t3, (KVM_ARCH_GUEST_T3)(a0) ++ # REG_L t4, (KVM_ARCH_GUEST_T4)(a0) ++ # REG_L t5, (KVM_ARCH_GUEST_T5)(a0) ++ # REG_L t6, (KVM_ARCH_GUEST_T6)(a0) ++ ++ REG_L a0, (KVM_ARCH_GUEST_A0)(a0) ++ ++ /* Resume Guest */ ++ ecall ++ ++ /* Back to Host */ ++ .align 4 ++__kvm_ace_switch_return: ++ /* Swap Guest A0 with SSCRATCH */ ++ csrrw a0, CSR_SSCRATCH, a0 ++ ++ /* Save Guest GPRs (except A0) */ ++ REG_S ra, (KVM_ARCH_GUEST_RA)(a0) ++ REG_S sp, (KVM_ARCH_GUEST_SP)(a0) ++ REG_S gp, (KVM_ARCH_GUEST_GP)(a0) ++ REG_S tp, (KVM_ARCH_GUEST_TP)(a0) ++ REG_S t0, (KVM_ARCH_GUEST_T0)(a0) ++ REG_S t1, (KVM_ARCH_GUEST_T1)(a0) ++ REG_S t2, (KVM_ARCH_GUEST_T2)(a0) ++ REG_S s0, (KVM_ARCH_GUEST_S0)(a0) ++ REG_S s1, (KVM_ARCH_GUEST_S1)(a0) ++ REG_S a1, (KVM_ARCH_GUEST_A1)(a0) ++ REG_S a2, (KVM_ARCH_GUEST_A2)(a0) ++ REG_S a3, (KVM_ARCH_GUEST_A3)(a0) ++ REG_S a4, (KVM_ARCH_GUEST_A4)(a0) ++ REG_S a5, (KVM_ARCH_GUEST_A5)(a0) ++ REG_S a6, (KVM_ARCH_GUEST_A6)(a0) ++ REG_S a7, (KVM_ARCH_GUEST_A7)(a0) ++ REG_S s2, (KVM_ARCH_GUEST_S2)(a0) ++ REG_S s3, (KVM_ARCH_GUEST_S3)(a0) ++ REG_S s4, (KVM_ARCH_GUEST_S4)(a0) ++ REG_S s5, (KVM_ARCH_GUEST_S5)(a0) ++ REG_S s6, (KVM_ARCH_GUEST_S6)(a0) ++ REG_S s7, (KVM_ARCH_GUEST_S7)(a0) ++ REG_S s8, (KVM_ARCH_GUEST_S8)(a0) ++ REG_S s9, (KVM_ARCH_GUEST_S9)(a0) ++ REG_S s10, (KVM_ARCH_GUEST_S10)(a0) ++ REG_S s11, (KVM_ARCH_GUEST_S11)(a0) ++ REG_S t3, (KVM_ARCH_GUEST_T3)(a0) ++ REG_S t4, (KVM_ARCH_GUEST_T4)(a0) ++ REG_S t5, (KVM_ARCH_GUEST_T5)(a0) ++ REG_S t6, (KVM_ARCH_GUEST_T6)(a0) ++ ++ /* Load Host CSR values */ ++ REG_L t1, (KVM_ARCH_HOST_STVEC)(a0) ++ REG_L t2, (KVM_ARCH_HOST_SSCRATCH)(a0) ++ REG_L t3, (KVM_ARCH_HOST_SCOUNTEREN)(a0) ++ REG_L t4, (KVM_ARCH_HOST_HSTATUS)(a0) ++ REG_L t5, (KVM_ARCH_HOST_SSTATUS)(a0) ++ ++ /* Save Guest SEPC */ ++ csrr t0, CSR_SEPC ++ ++ /* Save Guest A0 and Restore Host SSCRATCH */ ++ csrrw t2, CSR_SSCRATCH, t2 ++ ++ /* Restore Host STVEC */ ++ csrw CSR_STVEC, 
t1 ++ ++ /* Save Guest and Restore Host SCOUNTEREN */ ++ csrrw t3, CSR_SCOUNTEREN, t3 ++ ++ /* Save Guest and Restore Host HSTATUS */ ++ csrrw t4, CSR_HSTATUS, t4 ++ ++ /* Save Guest and Restore Host SSTATUS */ ++ csrrw t5, CSR_SSTATUS, t5 ++ ++ /* Store Guest CSR values */ ++ REG_S t0, (KVM_ARCH_GUEST_SEPC)(a0) ++ REG_S t2, (KVM_ARCH_GUEST_A0)(a0) ++ REG_S t3, (KVM_ARCH_GUEST_SCOUNTEREN)(a0) ++ REG_S t4, (KVM_ARCH_GUEST_HSTATUS)(a0) ++ REG_S t5, (KVM_ARCH_GUEST_SSTATUS)(a0) ++ ++ /* Restore Host GPRs (except A0 and T0-T6) */ ++ REG_L ra, (KVM_ARCH_HOST_RA)(a0) ++ REG_L sp, (KVM_ARCH_HOST_SP)(a0) ++ REG_L gp, (KVM_ARCH_HOST_GP)(a0) ++ REG_L tp, (KVM_ARCH_HOST_TP)(a0) ++ REG_L s0, (KVM_ARCH_HOST_S0)(a0) ++ REG_L s1, (KVM_ARCH_HOST_S1)(a0) ++ REG_L a1, (KVM_ARCH_HOST_A1)(a0) ++ REG_L a2, (KVM_ARCH_HOST_A2)(a0) ++ REG_L a3, (KVM_ARCH_HOST_A3)(a0) ++ REG_L a4, (KVM_ARCH_HOST_A4)(a0) ++ REG_L a5, (KVM_ARCH_HOST_A5)(a0) ++ REG_L a6, (KVM_ARCH_HOST_A6)(a0) ++ REG_L a7, (KVM_ARCH_HOST_A7)(a0) ++ REG_L s2, (KVM_ARCH_HOST_S2)(a0) ++ REG_L s3, (KVM_ARCH_HOST_S3)(a0) ++ REG_L s4, (KVM_ARCH_HOST_S4)(a0) ++ REG_L s5, (KVM_ARCH_HOST_S5)(a0) ++ REG_L s6, (KVM_ARCH_HOST_S6)(a0) ++ REG_L s7, (KVM_ARCH_HOST_S7)(a0) ++ REG_L s8, (KVM_ARCH_HOST_S8)(a0) ++ REG_L s9, (KVM_ARCH_HOST_S9)(a0) ++ REG_L s10, (KVM_ARCH_HOST_S10)(a0) ++ REG_L s11, (KVM_ARCH_HOST_S11)(a0) ++ ++ /* Return to C code */ ++ ret ++SYM_FUNC_END(__kvm_riscv_ace_switch_to) ++ ++# ACE END ++ + SYM_CODE_START(__kvm_riscv_unpriv_trap) + /* + * We assume that faulting unpriv load/store instruction is +diff --git a/tools/testing/selftests/kvm/riscv/get-reg-list.c b/tools/testing/selftests/kvm/riscv/get-reg-list.c +index 4fd0f8951574..60b45df69fd4 100644 +--- a/tools/testing/selftests/kvm/riscv/get-reg-list.c ++++ b/tools/testing/selftests/kvm/riscv/get-reg-list.c +@@ -519,6 +519,7 @@ static const char *sbi_ext_single_id_to_str(__u64 reg_off) + KVM_SBI_EXT_ARR(KVM_RISCV_SBI_EXT_STA), + 
KVM_SBI_EXT_ARR(KVM_RISCV_SBI_EXT_EXPERIMENTAL), + KVM_SBI_EXT_ARR(KVM_RISCV_SBI_EXT_VENDOR), ++ KVM_SBI_EXT_ARR(KVM_RISCV_SBI_EXT_ACE), + KVM_SBI_EXT_ARR(KVM_RISCV_SBI_EXT_DBCN), + }; + +@@ -735,6 +736,7 @@ static __u64 sbi_base_regs[] = { + KVM_REG_RISCV | KVM_REG_SIZE_ULONG | KVM_REG_RISCV_SBI_EXT | KVM_REG_RISCV_SBI_SINGLE | KVM_RISCV_SBI_EXT_HSM, + KVM_REG_RISCV | KVM_REG_SIZE_ULONG | KVM_REG_RISCV_SBI_EXT | KVM_REG_RISCV_SBI_SINGLE | KVM_RISCV_SBI_EXT_EXPERIMENTAL, + KVM_REG_RISCV | KVM_REG_SIZE_ULONG | KVM_REG_RISCV_SBI_EXT | KVM_REG_RISCV_SBI_SINGLE | KVM_RISCV_SBI_EXT_VENDOR, ++ KVM_REG_RISCV | KVM_REG_SIZE_ULONG | KVM_REG_RISCV_SBI_EXT | KVM_REG_RISCV_SBI_SINGLE | KVM_RISCV_SBI_EXT_ACE, + }; + + static __u64 sbi_sta_regs[] = { diff --git a/hypervisor/rootfs/ace-kernel-module/Makefile b/hypervisor/rootfs/ace-kernel-module/Makefile deleted file mode 100644 index 12d8028..0000000 --- a/hypervisor/rootfs/ace-kernel-module/Makefile +++ /dev/null @@ -1,27 +0,0 @@ -CONFIG_MODULE_SIG=n - -startstop-objs := start.o stop.o -obj-m += ace.o - -ifeq ($(CONFIG_STATUS_CHECK_GCC),y) - CC=$(STATUS_CHECK_GCC) - ccflags-y += -fanalyzer -endif - -KDIR ?= /lib/modules/$(shell uname -r)/build -PWD := $(CURDIR) - -default: - $(MAKE) -C $(KDIR) CC="$(CC)" M="$(PWD)" modules - rm -f .Module* .modules* .ace* *.symvers *.order ace.mod.* *.o *.mod - -load: - @insmod ace.ko - -clean: - $(MAKE) -C /lib/modules/$(shell uname -r)/build CC="$(CC)" M="$(PWD)" clean - $(RM) other/cat_noblock *.plist - -indent: - clang-format -i *[.ch] - clang-format -i other/*[.ch] \ No newline at end of file diff --git a/hypervisor/rootfs/ace-kernel-module/ace.c b/hypervisor/rootfs/ace-kernel-module/ace.c deleted file mode 100644 index 858cc7f..0000000 --- a/hypervisor/rootfs/ace-kernel-module/ace.c +++ /dev/null 
@@ -1,41 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include /* usleep_range */ -#include -#include /* single_open, single_release */ -#include /* kmalloc, kfree */ - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Wojciech Ozga "); - -static ulong address = 0x80000000; -static ulong size = 0x1; - -module_param(address, ulong, 0660); -module_param(size, ulong, 0660); - -static int ace_init(void){ - ulong i; - uint64_t volatile *virt_addr; - uint64_t value; - - printk(KERN_WARNING "ACE: Reading addresses: 0x%lx - 0x%lx", address, address+size); - - for (i=0; i, IBM Research - Zurich # SPDX-License-Identifier: Apache-2.0 -function run_baremetal() { +function run_confidential_vm() { fallocate -l 128M hdd.dsk - qemu-system-riscv64 -machine virt -cpu rv64 -smp 2 -m 128M \ + KERNEL_IMAGE=$1 + NUMBER_OF_CORES=$2 + MEMORY_SIZE=$3 + + qemu-system-riscv64 -machine virt -cpu rv64 -smp $NUMBER_OF_CORES -m $MEMORY_SIZE \ --enable-kvm \ -drive if=none,format=raw,file=hdd.dsk,id=foo \ -device virtio-blk-device,scsi=off,drive=foo -nographic -bios none \ -device virtio-rng-device \ - -kernel baremetal & + -kernel $KERNEL_IMAGE & } -function kill_baremetal() { +function kill_confidential_vm() { PID="$(pidof qemu-system-riscv64)" kill -9 $PID wait $PID 2>/dev/null diff --git a/hypervisor/rootfs/load-module.sh b/hypervisor/rootfs/load-module.sh deleted file mode 100755 index 4a295bd..0000000 --- a/hypervisor/rootfs/load-module.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -# SPDX-FileCopyrightText: 2023 IBM Corporation -# SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich -# SPDX-License-Identifier: Apache-2.0 -insmod ace-kernel-module/ace.ko \ No newline at end of file diff --git a/hypervisor/rootfs/test_secure_memory.sh b/hypervisor/rootfs/test_secure_memory.sh deleted file mode 100755 index 5b3f729..0000000 --- a/hypervisor/rootfs/test_secure_memory.sh +++ /dev/null 
@@ -1,6 +0,0 @@ -#!/usr/bin/env bash -# SPDX-FileCopyrightText: 2023 IBM Corporation -# SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich -# SPDX-License-Identifier: Apache-2.0 - -insmod ace-kernel-module/ace.ko address=$1 \ No newline at end of file diff --git a/security-monitor/Makefile b/security-monitor/Makefile index 3b9df53..c049b9b 100644 --- a/security-monitor/Makefile +++ b/security-monitor/Makefile @@ -16,8 +16,9 @@ ACE_DIR := $(if $(ACE_DIR),$(ACE_DIR),$(MAKEFILE_SOURCE_DIR)../build/target/) SM_WORK_DIR=$(ACE_DIR)/security-monitor PLATFORM_SOURCE_DIR=$(MAKEFILE_SOURCE_DIR)/platform OPENSBI_SOURCE_DIR=$(MAKEFILE_SOURCE_DIR)/opensbi -OPENSBI_WORK_DIR=$(ACE_DIR)/opensbi -OPENSBI_SYS_WORK_DIR=$(ACE_DIR)/opensbi_bindings +OPENSBI_WORK_DIR=$(SM_WORK_DIR)/opensbi +OPENSBI_SYS_WORK_DIR=$(SM_WORK_DIR)/opensbi_bindings +OPENSBI_PATCH = $(PLATFORM_SOURCE_DIR)/opensbi_v1.4.patch PLATFORM_RISCV_ABI ?= lp64d PLATFORM_RISCV_ISA ?= rv64gc @@ -27,6 +28,7 @@ CROSS_COMPILE ?= riscv64-unknown-linux-gnu- all: audit opensbi_bindings build build: opensbi_bindings fmt + echo "Generating OpenSBI bindings" ;\ mkdir -p $(SM_WORK_DIR) ; \ RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(SM_WORK_DIR) INSTALL_DIR=$(ACE_DIR) $(CARGO) build $(RELEASE) $(TARGET) --features verbose ; \ cp $(SM_WORK_DIR)/$(CHAIN)/release/$(EXEC_NAME) $(SM_WORK_DIR)/ ; \ 
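Review bot: The progress message added to the `build` recipe reads "Generating OpenSBI bindings", but the lines after it run `$(CARGO) build $(RELEASE)` for the security monitor, so the build log names the wrong step. The labels in the next hunk look shifted in the same way: `opensbi_bindings` prints "Applying patches to OpenSBI bindings" on the branch that runs `git apply -R`, which reverts the patch. I would change this line to `echo "Compiling the security monitor" ;\` and the one in `opensbi_bindings` to `echo "Reverting the OpenSBI patch" ;\`. The `build` recipe continues past the end of this hunk.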
@@ -36,21 +38,26 @@ refinedrust: build RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(SM_WORK_DIR) INSTALL_DIR=$(ACE_DIR) $(CARGO) refinedrust $(RELEASE) $(TARGET) --features verbose debug: opensbi_bindings + echo "Compiling the security monitor in DEBUG mode" ;\ mkdir -p $(SM_WORK_DIR) ; \ RUSTFLAGS='$(RUSTFLAGS)' CARGO_TARGET_DIR=$(SM_WORK_DIR) INSTALL_DIR=$(ACE_DIR) $(CARGO) build $(TARGET) --features verbose ; \ cp $(SM_WORK_DIR)/$(CHAIN)/debug/$(EXEC_NAME)* $(SM_WORK_DIR)/ ; \ rm -rf $(OPENSBI_WORK_DIR)/ opensbi: build + echo "Compiling OpenSBI" ;\ if ! grep -q ace_setup_this_hart "$(OPENSBI_SOURCE_DIR)/lib/sbi/sbi_hart.c"; then \ - cd $(OPENSBI_SOURCE_DIR); git apply --whitespace=fix $(PLATFORM_SOURCE_DIR)/opensbi_v1.4.patch; cd $(MAKEFILE_SOURCE_DIR); \ - fi; \ - mkdir -p $(OPENSBI_WORK_DIR) ; \ + echo "Applying patches to OpenSBI" ;\ + cd $(OPENSBI_SOURCE_DIR); git apply --whitespace=fix $(OPENSBI_PATCH); cd $(MAKEFILE_SOURCE_DIR);\ + fi ;\ + mkdir -p $(OPENSBI_WORK_DIR) ;\ SM_WORK_DIR=$(SM_WORK_DIR) $(MAKE) -j$(nproc) -C $(OPENSBI_SOURCE_DIR) O=$(OPENSBI_WORK_DIR) PLATFORM_DIR="$(PLATFORM_SOURCE_DIR)" PLATFORM="generic" CROSS_COMPILE=$(CROSS_COMPILE) FW_PAYLOAD_PATH=$(LINUX_IMAGE) FW_PAYLOAD=y PLATFORM_RISCV_XLEN=$(PLATFORM_RISCV_XLEN) PLATFORM_RISCV_ISA=$(PLATFORM_RISCV_ISA) PLATFORM_RISCV_ABI=$(PLATFORM_RISCV_ABI) opensbi_bindings: + echo "Compiling OpenSBI bindings" ;\ if grep -q ace_setup_this_hart "$(OPENSBI_SOURCE_DIR)/lib/sbi/sbi_hart.c"; then \ - cd $(OPENSBI_SOURCE_DIR); git apply -R --whitespace=fix $(PLATFORM_SOURCE_DIR)/opensbi_v1.4.patch; cd $(MAKEFILE_SOURCE_DIR); \ + echo "Applying patches to OpenSBI bindings" ;\ + cd $(OPENSBI_SOURCE_DIR); git apply -R --whitespace=fix $(OPENSBI_PATCH); cd $(MAKEFILE_SOURCE_DIR); \ fi; \ INSTALL_DIR=$(ACE_DIR) OPENSBI_SOURCE_DIR=$(OPENSBI_SOURCE_DIR) CROSS_COMPILE=$(CROSS_COMPILE) ./rust-crates/opensbi.sh 
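Review bot: A failed `git apply` does not stop the `opensbi` recipe, because the rewritten line still chains `cd $(OPENSBI_SOURCE_DIR); git apply --whitespace=fix $(OPENSBI_PATCH); cd $(MAKEFILE_SOURCE_DIR)` with `;`. The exit status of the patch step is discarded, and the following `$(MAKE) ... -C $(OPENSBI_SOURCE_DIR)` call builds whatever tree is left. The patch is what hooks `ace_setup_this_hart` into OpenSBI, so a silent failure here presumably produces firmware without the monitor's PMP setup unless a later step happens to fail. I would write the step as `git -C "$(OPENSBI_SOURCE_DIR)" apply --whitespace=fix "$(OPENSBI_PATCH)" || exit 1 ;\` and do the same for the `-R` call in `opensbi_bindings`. The `grep -q ace_setup_this_hart` guard also treats any occurrence of that name as a fully applied patch, which a partially patched tree would satisfy.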
diff --git a/security-monitor/platform/generic/configs/defconfig b/security-monitor/platform/generic/configs/defconfig index 4abd49c..6a77d3a 100644 --- a/security-monitor/platform/generic/configs/defconfig +++ b/security-monitor/platform/generic/configs/defconfig @@ -1,16 +1,16 @@ -CONFIG_FDT_GPIO=y -CONFIG_FDT_I2C=y +//CONFIG_FDT_GPIO=y +//CONFIG_FDT_I2C=y CONFIG_FDT_IPI=y -CONFIG_FDT_IRQCHIP=y -CONFIG_FDT_IRQCHIP_APLIC=y +//CONFIG_FDT_IRQCHIP=y +//CONFIG_FDT_IRQCHIP_APLIC=y CONFIG_FDT_IRQCHIP_PLIC=y -CONFIG_FDT_REGMAP=y -CONFIG_FDT_REGMAP_SYSCON=y +//CONFIG_FDT_REGMAP=y +//CONFIG_FDT_REGMAP_SYSCON=y CONFIG_FDT_RESET=y -CONFIG_FDT_RESET_GPIO=y -CONFIG_FDT_RESET_SYSCON=y +//CONFIG_FDT_RESET_GPIO=y +//CONFIG_FDT_RESET_SYSCON=y CONFIG_FDT_SERIAL=y CONFIG_FDT_SERIAL_UART8250=y CONFIG_FDT_TIMER=y CONFIG_FDT_TIMER_MTIMER=y -CONFIG_FDT_TIMER_PLMT=y +//CONFIG_FDT_TIMER_PLMT=y diff --git a/security-monitor/platform/opensbi_v1.4.patch b/security-monitor/platform/opensbi_v1.4.patch index 74bfb02..079bfa0 100644 --- a/security-monitor/platform/opensbi_v1.4.patch +++ b/security-monitor/platform/opensbi_v1.4.patch @@ -1,57 +1,48 @@ diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c -index 770fee0..fa87f0d 100644 +index 770fee0..663eec7 100644 --- a/lib/sbi/sbi_hart.c 
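Review bot: The disabled options are written as `//CONFIG_FDT_GPIO=y`, and `//` is not a comment marker in a Kconfig defconfig, where comments start with `#`. Whether these lines are dropped quietly, reported as malformed, or rejected depends on the Kconfig tooling OpenSBI uses. The intended reduction of drivers compiled into the M-mode firmware therefore rests on parser leniency. I would use the conventional form, for example `# CONFIG_FDT_GPIO is not set`, for each of the nine entries, and check the generated configuration to confirm the drivers are really off.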
+++ b/lib/sbi/sbi_hart.c -@@ -26,6 +26,7 @@ +@@ -24,6 +24,7 @@ + #include + #include ++extern void ace_setup_this_hart(); extern void __sbi_expected_trap(void); extern void __sbi_expected_trap_hext(void); -+extern void ace_setup_this_hart(); - - void (*sbi_hart_expected_trap)(void) = &__sbi_expected_trap; -@@ -369,7 +370,10 @@ static int sbi_hart_smepmp_configure(struct sbi_scratch *scratch, +@@ -369,7 +370,7 @@ static int sbi_hart_smepmp_configure(struct sbi_scratch *scratch, pmp_disable(SBI_SMEPMP_RESV_ENTRY); /* Program M-only regions when MML is not set. */ - pmp_idx = 0; -+ // ACE start -+ // we need first two PMP entries to protect the confidential memory + pmp_idx = 2; -+ // ACE end sbi_domain_for_each_memregion(dom, reg) { /* Skip reserved entry */ if (pmp_idx == SBI_SMEPMP_RESV_ENTRY) -@@ -432,7 +436,10 @@ static int sbi_hart_oldpmp_configure(struct sbi_scratch *scratch, +@@ -395,7 +396,7 @@ static int sbi_hart_smepmp_configure(struct sbi_scratch *scratch, + csr_set(CSR_MSECCFG, MSECCFG_MML); + + /* Program shared and SU-only regions */ +- pmp_idx = 0; ++ pmp_idx = 2; + sbi_domain_for_each_memregion(dom, reg) { + /* Skip reserved entry */ + if (pmp_idx == SBI_SMEPMP_RESV_ENTRY) +@@ -432,7 +433,7 @@ static int sbi_hart_oldpmp_configure(struct sbi_scratch *scratch, { struct sbi_domain_memregion *reg; struct sbi_domain *dom = sbi_domain_thishart_ptr(); - unsigned int pmp_idx = 0; -+ // ACE start -+ // we need first two PMP entries to protect the confidential memory + unsigned int pmp_idx = 2; -+ // ACE end unsigned int pmp_flags; unsigned long pmp_addr; -@@ -523,6 +530,11 @@ int sbi_hart_pmp_configure(struct sbi_scratch *scratch) - if (!pmp_count) - return 0; - -+ // ACE START -+ // we need 2 pmps to protect confidential memory region -+ pmp_count = pmp_count - 2; -+ // ACE END -+ - pmp_log2gran = sbi_hart_pmp_log2gran(scratch); - pmp_bits = sbi_hart_pmp_addrbits(scratch) - 1; - pmp_addr_max = (1UL << pmp_bits) | ((1UL << pmp_bits) - 1); -@@ -534,6 +546,10 @@ 
int sbi_hart_pmp_configure(struct sbi_scratch *scratch) +@@ -534,6 +535,10 @@ int sbi_hart_pmp_configure(struct sbi_scratch *scratch) rc = sbi_hart_oldpmp_configure(scratch, pmp_count, pmp_log2gran, pmp_addr_max); + // ACE START -+ // temporal hack to reconfigure after OpenSBI does it. ++ // temporal hack to reconfigure PMPs after they have been reconfigured by OpenSBI. + ace_setup_this_hart(); + // ACE END /* diff --git a/security-monitor/src/confidential_flow/context_switch/mod.rs b/security-monitor/src/confidential_flow/context_switch/mod.rs index 31ee848..f0b9301 100644 --- a/security-monitor/src/confidential_flow/context_switch/mod.rs +++ b/security-monitor/src/confidential_flow/context_switch/mod.rs @@ -12,7 +12,7 @@ use crate::core::control_data::HardwareHart; #[no_mangle] extern "C" fn enter_from_confidential_hart(hart_ptr: *mut HardwareHart) -> ! { let hart = unsafe { hart_ptr.as_mut().expect(crate::error::CTX_SWITCH_ERROR_MSG) }; - ConfidentialFlow::create(hart).route() + ConfidentialFlow::create(hart).route(); } core::arch::global_asm!( diff --git a/security-monitor/src/confidential_flow/control_flow/mod.rs b/security-monitor/src/confidential_flow/control_flow/mod.rs index 889ce6e..d0be9e4 100644 --- a/security-monitor/src/confidential_flow/control_flow/mod.rs +++ b/security-monitor/src/confidential_flow/control_flow/mod.rs 
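Review bot: This revision of the patch drops the comments that explained why `pmp_idx` starts at 2, and now repeats the bare literal in three places (twice in `sbi_hart_smepmp_configure`, once in `sbi_hart_oldpmp_configure`). A single named constant carrying the old explanation, for example `#define ACE_RESERVED_PMP_ENTRIES 2 /* first two PMP entries protect confidential memory */`, would keep the reservation auditable. In the Smepmp path the context lines still call `pmp_disable(SBI_SMEPMP_RESV_ENTRY)` and skip that index; if that reserved entry falls inside the two entries the monitor claims, OpenSBI and the monitor would both write the same PMP slot, which should be verified. The declaration `extern void ace_setup_this_hart();` should also be `extern void ace_setup_this_hart(void);` so that it has a prototype.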
@@ -64,6 +64,7 @@ impl<'a> ConfidentialFlow<'a> { Interrupt => interrupt::handle(self), VsEcall(Ace(SharePageWithHypervisor)) => share_page::handle(confidential_hart.share_page_request(), self), VsEcall(Ace(StopSharingPageWithHypervisor)) => unshare_page::handle(confidential_hart.unshare_page_request(), self), + VsEcall(Ace(PrintDebugInfo)) => print_debug_info::handle(confidential_hart.hypercall_request(), self), VsEcall(Base(GetSpecVersion)) => hypercall::handle(confidential_hart.hypercall_request(), self), VsEcall(Base(GetImplId)) => hypercall::handle(confidential_hart.hypercall_request(), self), VsEcall(Base(GetImplVersion)) => hypercall::handle(confidential_hart.hypercall_request(), self), @@ -136,8 +137,9 @@ impl<'a> ConfidentialFlow<'a> { /// Returns error if sending an IPI to other confidential hart failed or if there is too many pending IPI queued. pub fn broadcast_inter_hart_request(&mut self, inter_hart_request: InterHartRequest) -> Result<(), Error> { ControlData::try_confidential_vm_mut(self.confidential_vm_id(), |mut confidential_vm| { - // for the time-being, we rely on the OpenSBI implementation of physical IPIs. To use OpenSBI functions we - // must set the mscratch register to the value expected by OpenSBI. + // Hack: For the time-being, we rely on the OpenSBI implementation of physical IPIs. To use OpenSBI functions we + // must set the mscratch register to the value expected by OpenSBI. We do it here, because we have access to the `HardwareHart` + // that knows the original value of the mscratch expected by OpenSBI. self.hardware_hart.swap_mscratch(); let result = confidential_vm.broadcast_inter_hart_request(inter_hart_request); // We must revert the content of mscratch back to the value expected by our context switched. 
@@ -157,8 +159,7 @@ impl<'a> ConfidentialFlow<'a> { inter_hart_requests.drain(..).map(|inter_hart_request| inter_hart_request.into_expose_to_confidential_vm()).for_each( |transformation| { // The confidential flow has an ownership of the confidential hart because the confidential hart - // is assigned to the hardware hart. This is why it is the confidential hart who processes inter - // hart requests and not the confidential VM. + // is assigned to the hardware hart. self.hardware_hart.confidential_hart_mut().apply(transformation); }, ); diff --git a/security-monitor/src/confidential_flow/handlers/mod.rs b/security-monitor/src/confidential_flow/handlers/mod.rs index 0fcafc0..e69325a 100644 --- a/security-monitor/src/confidential_flow/handlers/mod.rs +++ b/security-monitor/src/confidential_flow/handlers/mod.rs @@ -9,6 +9,7 @@ pub mod hypercall; pub mod hypercall_result; pub mod interrupt; pub mod invalid_call; +pub mod print_debug_info; pub mod sbi_hsm_hart_start; pub mod sbi_hsm_hart_status; pub mod sbi_hsm_hart_stop; diff --git a/security-monitor/src/confidential_flow/handlers/print_debug_info.rs b/security-monitor/src/confidential_flow/handlers/print_debug_info.rs new file mode 100644 index 0000000..e63ad9b --- /dev/null +++ b/security-monitor/src/confidential_flow/handlers/print_debug_info.rs 
@@ -0,0 +1,13 @@ +// SPDX-FileCopyrightText: 2023 IBM Corporation +// SPDX-FileContributor: Wojciech Ozga , IBM Research - Zurich +// SPDX-License-Identifier: Apache-2.0 +use crate::confidential_flow::ConfidentialFlow; +use crate::core::transformations::{ExposeToConfidentialVm, ExposeToHypervisor, PendingRequest, SbiRequest, SbiResult}; + +/// Handles a hypercall from a confidential hart to hypervisor. +pub fn handle(sbi_request: SbiRequest, confidential_flow: ConfidentialFlow) -> ! { + debug!("Debug: a0={} a1={} a2={}", sbi_request.a0(), sbi_request.a1(), sbi_request.a2()); + + let transformation = ExposeToConfidentialVm::SbiResult(SbiResult::success(0)); + confidential_flow.exit_to_confidential_hart(transformation) +} diff --git a/security-monitor/src/confidential_flow/handlers/share_page.rs b/security-monitor/src/confidential_flow/handlers/share_page.rs index 2a86d71..43f6eb8 100644 --- a/security-monitor/src/confidential_flow/handlers/share_page.rs +++ b/security-monitor/src/confidential_flow/handlers/share_page.rs 
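Review bot: `handle` lets any confidential VM make the monitor log three guest-chosen register values through `debug!`, and the arm added in `control_flow/mod.rs` routes `VsEcall(Ace(PrintDebugInfo))` to it unconditionally (function ID 9000 in `sbi.rs`). If `debug!` produces output in release builds, a guest can fill the monitor's log at will, so I would compile this module and its dispatch arm only for debug builds, for example behind `#[cfg(debug_assertions)]` or a dedicated cargo feature. The doc comment is copied from the hypercall handler and is wrong here, since nothing is exposed to the hypervisor; I would write `/// Logs a0-a2 of a debug call from a confidential hart and returns success to that hart.` The imports `ExposeToHypervisor` and `PendingRequest` are unused in this file and can be removed.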
@@ -12,17 +12,10 @@ use crate::error::Error; /// confidential hart if the request was invalid, e.g., the `guest physical address` was not correct. pub fn handle(request: Result<(SharePageRequest, SbiRequest), Error>, confidential_flow: ConfidentialFlow) -> ! { match request { - Ok((share_page_request, sbi_request)) => { - debug!( - "Confidential VM[{:?}] requested a shared page mapped to address [{:?}]", - confidential_flow.confidential_vm_id(), - share_page_request.confidential_vm_virtual_address() - ); - confidential_flow - .set_pending_request(PendingRequest::SharePage(share_page_request)) - .into_non_confidential_flow() - .exit_to_hypervisor(ExposeToHypervisor::SbiRequest(sbi_request)) - } + Ok((share_page_request, sbi_request)) => confidential_flow + .set_pending_request(PendingRequest::SharePage(share_page_request)) + .into_non_confidential_flow() + .exit_to_hypervisor(ExposeToHypervisor::SbiRequest(sbi_request)), Err(error) => confidential_flow.exit_to_confidential_hart(error.into_confidential_transformation()), } } diff --git a/security-monitor/src/confidential_flow/handlers/share_page_result.rs b/security-monitor/src/confidential_flow/handlers/share_page_result.rs index 28bce08..13962a6 100644 --- a/security-monitor/src/confidential_flow/handlers/share_page_result.rs +++ b/security-monitor/src/confidential_flow/handlers/share_page_result.rs @@ -24,12 +24,6 @@ pub fn handle(share_page_result: SharePageResult, confidential_flow: Confidentia Err(error) => confidential_flow.exit_to_confidential_hart(error.into_confidential_transformation()), }; - debug!( - "Hypervisor shared a page with the confidential VM [{:?}] at address [physical address=0x{:x}]", - confidential_vm_id, - share_page_result.hypervisor_page_address() - ); - let transformation = ControlData::try_confidential_vm_mut(confidential_vm_id, |mut confidential_vm| { confidential_vm.memory_protector_mut().map_shared_page(shared_page) }) 
diff --git a/security-monitor/src/core/architecture/riscv/sbi.rs b/security-monitor/src/core/architecture/riscv/sbi.rs index 05624a9..d7b6064 100644 --- a/security-monitor/src/core/architecture/riscv/sbi.rs +++ b/security-monitor/src/core/architecture/riscv/sbi.rs @@ -37,6 +37,7 @@ pub enum AceExtension { ConvertToConfidentialVm, ResumeConfidentialHart, TerminateConfidentialVm, + PrintDebugInfo, Unknown(usize, usize), } @@ -46,11 +47,12 @@ impl AceExtension { pub fn from_function_id(function_id: usize) -> Self { match function_id { - 2000 => Self::SharePageWithHypervisor, - 2001 => Self::StopSharingPageWithHypervisor, 1000 => Self::ConvertToConfidentialVm, 1010 => Self::ResumeConfidentialHart, + 2000 => Self::SharePageWithHypervisor, + 2001 => Self::StopSharingPageWithHypervisor, 3001 => Self::TerminateConfidentialVm, + 9000 => Self::PrintDebugInfo, _ => Self::Unknown(Self::EXTID, function_id), } } diff --git a/security-monitor/src/core/architecture/riscv/trap_reason.rs b/security-monitor/src/core/architecture/riscv/trap_reason.rs index c783d0b..b8fcae9 100644 --- a/security-monitor/src/core/architecture/riscv/trap_reason.rs +++ b/security-monitor/src/core/architecture/riscv/trap_reason.rs @@ -15,6 +15,7 @@ pub enum TrapReason { VsEcall(SbiExtension), HsEcall(SbiExtension), MachineEcall, + GuestInstructionPageFault, GuestLoadPageFault, GuestStorePageFault, Unknown, @@ -31,6 +32,7 @@ impl TrapReason { const HYPERVISOR_ECALL: usize = 9; const VIRTUAL_SUPERVISOR_ECALL: usize = 10; const MACHINE_ECALL: usize = 11; + const GUEST_INSTRUCTION_PAGE_FAULT: usize = 20; const GUEST_LOAD_PAGE_FAULT: usize = 21; const GUEST_STORE_PAGE_FAULT: usize = 23; 
@@ -48,6 +50,7 @@ impl TrapReason { Self::HYPERVISOR_ECALL => Self::HsEcall(SbiExtension::decode(hart_state)), Self::VIRTUAL_SUPERVISOR_ECALL => Self::VsEcall(SbiExtension::decode(hart_state)), Self::MACHINE_ECALL => Self::MachineEcall, + Self::GUEST_INSTRUCTION_PAGE_FAULT => Self::GuestInstructionPageFault, Self::GUEST_LOAD_PAGE_FAULT => Self::GuestLoadPageFault, Self::GUEST_STORE_PAGE_FAULT => Self::GuestStorePageFault, _ => Self::Unknown, diff --git a/security-monitor/src/core/heap_allocator/allocator.rs b/security-monitor/src/core/heap_allocator/allocator.rs index 48b7007..db2a2dd 100644 --- a/security-monitor/src/core/heap_allocator/allocator.rs +++ b/security-monitor/src/core/heap_allocator/allocator.rs 
@@ -26,31 +26,31 @@ impl LinkedListAllocator { pub fn add_free_memory_region(&mut self, base_address: *const usize, size: usize) { assert!(size < isize::MAX.try_into().unwrap()); assert!(base_address.is_aligned_to(mem::align_of::())); - if size >= mem::size_of::() { - let mut free_node = FreeMemoryRegion::new(size); - free_node.next = self.head.next.take(); - self.head.next = unsafe { - // Safety: casting to *mut FreeMemoryRegion is fine because the caller is giving the ownership - // of this memory region to us. - let node_pointer = base_address as *mut FreeMemoryRegion; - // Safety: we can write the whole FreeMemoryRegion because we checked in the beginning of this - // function that the memory region has enough space to hold the FreeMemoryRegion. - node_pointer.write(free_node); - Some(&mut *node_pointer) - } - } else { + if 0 < size && size < mem::size_of::() { + panic!("Memory leak?"); // Potential memory leak? To make sure there are no memory leaks here, we must guarantee that we // never allocate chunks smaller than the size of a FreeMemoryRegion structure } + + let mut free_node = FreeMemoryRegion::new(size); + free_node.next = self.head.next.take(); + self.head.next = unsafe { + // Safety: casting to *mut FreeMemoryRegion is fine because the caller is giving the ownership + // of this memory region to us. + let node_pointer = base_address as *mut FreeMemoryRegion; + // Safety: we can write the whole FreeMemoryRegion because we checked in the beginning of this + // function that the memory region has enough space to hold the FreeMemoryRegion. 
+ node_pointer.write(free_node); + Some(&mut *node_pointer) + } } pub(self) fn find_free_memory_region(&mut self, size: usize, align: usize) -> Option<(*mut usize, *mut usize, usize)> { let mut current = &mut self.head; while let Some(ref mut region) = current.next { if let Ok((alloc_start, alloc_end, free_space_left)) = region.try_allocation(size, align) { - let next = region.next.take(); + current.next = region.next.take(); let ret = Some((alloc_start, alloc_end, free_space_left)); - current.next = next; return ret; } else { current = current.next.as_mut().unwrap(); @@ -88,7 +88,7 @@ impl FreeMemoryRegion { // We only allow allocating from the given region if there is enough space to reuse the resulting space for a // FreeMemoryRegion let free_space_left = ptr_byte_offset(self.end_address_ptr(), alloc_end); - assure!(free_space_left >= (mem::size_of::() as isize), Error::OutOfMemory())?; + assure!(free_space_left == 0 || free_space_left >= (mem::size_of::() as isize), Error::OutOfMemory())?; Ok((alloc_start, alloc_end, free_space_left as usize)) } @@ -102,6 +102,11 @@ impl FreeMemoryRegion { unsafe impl GlobalAlloc for HeapAllocator { unsafe fn alloc(&self, layout: Layout) -> *mut u8 { + let layout = if layout.size() < mem::size_of::() { + Layout::from_size_align(mem::size_of::(), layout.align()).unwrap() + } else { + layout + }; self.try_alloc(layout) } diff --git a/security-monitor/src/core/initialization/mod.rs b/security-monitor/src/core/initialization/mod.rs index 5fca1a3..b6116fd 100644 --- a/security-monitor/src/core/initialization/mod.rs +++ b/security-monitor/src/core/initialization/mod.rs 
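Review bot: `add_free_memory_region` now writes a `FreeMemoryRegion` header for a region of size 0, because the new guard `if 0 < size && size < ...` panics only for sizes between 1 and the header size and execution then falls through to `node_pointer.write(free_node)`. For `size == 0` that write lands on memory the region does not own, and the safety comment above it ("we checked in the beginning of this function that the memory region has enough space") no longer holds. Zero-sized remainders look reachable, since `try_allocation` in the next hunk now accepts `free_space_left == 0`, although the caller that passes the remainder back is outside this hunk. I would return before building the node, `if size == 0 { return; }`, and reword the safety comment to name the check that now justifies the write.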
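Review bot: `alloc` now rounds small requests up to the size of a free-list node, but the matching `dealloc` is outside this hunk and the commit does not appear to change it. If `dealloc` still passes the caller's original `layout.size()` to `add_free_memory_region`, freeing any small object will hit the new `panic!("Memory leak?")` from the first hunk of this file. The same rounding needs to be applied on the free path, ideally through one shared helper that both `alloc` and `dealloc` call. The `.unwrap()` on `Layout::from_size_align` is unlikely to fail, but `GlobalAlloc::alloc` signals failure with a null pointer rather than a panic, so mapping the error to `core::ptr::null_mut()` would keep that contract.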
@@ -140,7 +140,7 @@ fn initialize_memory_layout(fdt: &Fdt) -> Result<(ConfidentialMemoryAddress, *co fn initalize_security_monitor_state( confidential_memory_start: ConfidentialMemoryAddress, confidential_memory_end: *const usize, ) -> Result<(), Error> { - const NUMBER_OF_HEAP_PAGES: usize = 4 * 1024; + const NUMBER_OF_HEAP_PAGES: usize = 40 * 1024; // Safety: initialization order is crucial for safety because at some point we // start allocating objects on heap, e.g., page tokens. We have to first // initialize the global allocator, which permits us to use heap. To initialize heap @@ -198,12 +198,13 @@ extern "C" fn ace_setup_this_hart() { unsafe { core::arch::asm!("fence w,o") }; } + let hart_id = riscv::register::mhartid::read(); + debug!("Setting up physical HART [hart_id={}]", hart_id); + // OpenSBI requires that mscratch points to an internal OpenSBI's structure. We have to store this pointer during // init and restore it every time we delegate exception/interrupt to the Sbi firmware (e.g., OpenSbi). let mut harts = HARTS_STATES.get().expect(NOT_INITIALIZED_HARTS).lock(); - let hart_id = riscv::register::mhartid::read(); let hart = harts.get_mut(hart_id).expect(NOT_INITIALIZED_HART); - debug!("Setting up physical HART [hart_id={}]", hart_id); // The mscratch must point to the memory region when the security monitor stores the dumped states of // confidential harts. This is crucial for context switches because assembly code will use the mscratch diff --git a/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs b/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs index 09fe266..47ae9da 100644 --- a/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs +++ b/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs 
@@ -26,7 +26,6 @@ impl ConfidentialVmMemoryProtector { pub fn from_vm_state(hart_state: &HartArchitecturalState) -> Result { let hgatp = Hgatp::from(hart_state.hgatp); let root_page_table = mmu::copy_mmu_configuration_from_non_confidential_memory(hgatp)?; - Ok(Self { root_page_table, hgatp: 0 }) } diff --git a/security-monitor/src/core/memory_protector/mmu/mod.rs b/security-monitor/src/core/memory_protector/mmu/mod.rs index bd0f11e..9ba599d 100644 --- a/security-monitor/src/core/memory_protector/mmu/mod.rs +++ b/security-monitor/src/core/memory_protector/mmu/mod.rs @@ -18,10 +18,8 @@ mod paging_system; pub fn copy_mmu_configuration_from_non_confidential_memory(hgatp: Hgatp) -> Result { let paging_mode = hgatp.mode().ok_or_else(|| Error::UnsupportedPagingMode())?; let paging_system = PagingSystem::from(&paging_mode).ok_or_else(|| Error::UnsupportedPagingMode())?; - let root_page_address = NonConfidentialMemoryAddress::new(hgatp.address() as *mut usize)?; let root_page_table = RootPageTable::copy_from_non_confidential_memory(root_page_address, paging_system)?; - Ok(root_page_table) } diff --git a/security-monitor/src/core/page_allocator/page_allocator.rs b/security-monitor/src/core/page_allocator/page_allocator.rs index 056d7fe..a593dff 100644 --- a/security-monitor/src/core/page_allocator/page_allocator.rs +++ b/security-monitor/src/core/page_allocator/page_allocator.rs @@ -149,7 +149,7 @@ impl<'a> PageAllocator { /// the requested criteria. pub fn acquire_continous_pages(number_of_pages: usize, page_size: PageSize) -> Result>, Error> { let pages = Self::try_write(|page_allocator| Ok(page_allocator.acquire(number_of_pages, page_size)))?; - assure_not!(pages.is_empty(), Error::OutOfMemory())?; + assure_not!(pages.is_empty(), Error::OutOfPages())?; Ok(pages) } diff --git a/security-monitor/src/error.rs b/security-monitor/src/error.rs index 2f40862..134cf86 100644 --- a/security-monitor/src/error.rs +++ b/security-monitor/src/error.rs 
@@ -30,8 +30,10 @@ pub enum Error { FdtParsing(), #[error("Could not convert SBI argument to usize: {0}")] SbiArgument(#[from] TryFromIntError), - #[error("Not enough memory to allocate")] + #[error("Not enough memory to allocate on heap")] OutOfMemory(), + #[error("Not enough memory to allocate a page")] + OutOfPages(), #[error("Page table error")] PageTableConfiguration(), #[error("Page Table is corrupted")] diff --git a/security-monitor/src/non_confidential_flow/context_switch/exit_to_hypervisor.S b/security-monitor/src/non_confidential_flow/context_switch/exit_to_hypervisor.S index f3b1ac9..547beee 100644 --- a/security-monitor/src/non_confidential_flow/context_switch/exit_to_hypervisor.S +++ b/security-monitor/src/non_confidential_flow/context_switch/exit_to_hypervisor.S @@ -97,15 +97,15 @@ exit_to_hypervisor_asm: csrw sscratch, t0 # TODO: only zeroize VS-mode CSRs when coming from the CVM - li t0, 0 - csrw vsstatus, t0 - csrw vsie, t0 - csrw vstvec, t0 - csrw vsscratch, t0 - csrw vsepc, t0 - csrw vscause, t0 - csrw vstval, t0 - csrw vsatp, t0 + # li t0, 0 + # csrw vsstatus, t0 + # csrw vsie, t0 + # csrw vstvec, t0 + # csrw vsscratch, t0 + # csrw vsepc, t0 + # csrw vscause, t0 + # csrw vstval, t0 + # csrw vsatp, t0 # finally restore from memory the t0 and a0 registers ld t0, ({HART_T0_OFFSET})(a0) diff --git a/security-monitor/src/non_confidential_flow/control_flow/mod.rs b/security-monitor/src/non_confidential_flow/control_flow/mod.rs index 06c00a1..8717b4f 100644 --- a/security-monitor/src/non_confidential_flow/control_flow/mod.rs +++ b/security-monitor/src/non_confidential_flow/control_flow/mod.rs 
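Review bot: Commenting out the `csrw vs*` block in `exit_to_hypervisor_asm` removes the only clearing of VS-mode CSRs visible on this path, so `vsstatus`, `vsepc`, `vstval`, `vsatp` and the rest keep whatever they held when control returns to the hypervisor. If the switch out of a confidential hart does not scrub them elsewhere (not visible in this diff), confidential VM state stays readable by untrusted code, which is what the retained TODO was guarding against. Rather than leaving dead commented-out instructions, I would either move the zeroing into the confidential exit path or keep it here behind a came-from-CVM check. The block should then be replaced with one comment naming where the scrub happens, e.g. `# VS-mode CSRs are cleared in <confidential exit routine> before this code runs`. The routine starts and ends outside the hunk.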
@@ -21,6 +21,8 @@ pub struct NonConfidentialFlow<'a> { } impl<'a> NonConfidentialFlow<'a> { + const INVALID_INTERRUPT_DELEGATION: &str = "Bug: Incorrect interrupt delegation configuration"; + /// Creates an instance of non-confidential flow token. NonConfidentialFlow instance can be created only by the code /// owning a mutable reference to the HardwareHart. This can be only the piece of code invoked by assembly and the /// ConfidentialFlow. @@ -51,8 +53,7 @@ impl<'a> NonConfidentialFlow<'a> { } VsEcall(_) => vm_hypercall::handle(self.hardware_hart.sbi_vm_request(), self), MachineEcall => opensbi::handle(self.hardware_hart.opensbi_request(), self), - GuestLoadPageFault => panic!("Bug: Incorrect interrupt delegation configuration"), - GuestStorePageFault => panic!("Bug: Incorrect interrupt delegation configuration"), + GuestInstructionPageFault | GuestLoadPageFault | GuestStorePageFault => panic!("{}", Self::INVALID_INTERRUPT_DELEGATION), Unknown => invalid_call::handle(self), } } diff --git a/security-monitor/src/non_confidential_flow/handlers/convert_to_confidential_vm.rs b/security-monitor/src/non_confidential_flow/handlers/convert_to_confidential_vm.rs index 901656b..0128fc7 100644 --- a/security-monitor/src/non_confidential_flow/handlers/convert_to_confidential_vm.rs +++ b/security-monitor/src/non_confidential_flow/handlers/convert_to_confidential_vm.rs 
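Review bot: The new associated constant `INVALID_INTERRUPT_DELEGATION` is declared as `&str` inside `impl<'a> NonConfidentialFlow<'a>`, which relies on an elided lifetime in an associated constant. rustc reports this through the `elided_lifetimes_in_associated_constant` lint, and it is easy to misread in an impl that already has a lifetime parameter. Spell it out as `const INVALID_INTERRUPT_DELEGATION: &'static str = "Bug: Incorrect interrupt delegation configuration";`. The merged arm `GuestInstructionPageFault | GuestLoadPageFault | GuestStorePageFault` in the second hunk still panics inside the monitor, so a short comment stating why these traps cannot reach this handler under the intended delegation setup would help the next reader. The `match` and the impl block both extend beyond the hunks shown.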
@@ -23,14 +23,12 @@ fn create_confidential_vm(convert_to_confidential_vm_request: ConvertToConfident let memory_protector = ConfidentialVmMemoryProtector::from_vm_state(&hart_state)?; // TODO: read number of harts from fdt let confidential_harts_count = 2; - let confidential_harts = (0..confidential_harts_count) .map(|confidential_hart_id| match confidential_hart_id { 0 => ConfidentialHart::from_vm_hart(confidential_hart_id, &hart_state), _ => ConfidentialHart::from_vm_hart_reset(confidential_hart_id, &hart_state), }) .collect(); - // TODO: measure the confidential VM // TODO: perform local attestation (optional) diff --git a/tools/ace_run_hypervisor.sh b/tools/ace_run_hypervisor.sh index 16dced0..5a0f0c1 100755 --- a/tools/ace_run_hypervisor.sh +++ b/tools/ace_run_hypervisor.sh @@ -9,13 +9,13 @@ if [ -z ${ACE_DIR} ]; then fi QEMU_CMD=${ACE_DIR}/qemu/bin/qemu-system-riscv64 -KERNEL=${ACE_DIR}/opensbi/platform/generic/firmware/fw_payload.elf -DRIVE=${ACE_DIR}/buildroot/images/rootfs.ext2 +KERNEL=${ACE_DIR}/security-monitor/opensbi/platform/generic/firmware/fw_payload.elf +DRIVE=${ACE_DIR}/hypervisor/buildroot/images/rootfs.ext4 HOST_PORT="$((3000 + RANDOM % 3000))" INTERACTIVE="-nographic" SMP=2 -MEMORY=512M # in MB +MEMORY=8G for i in "$@"; do case $i in