Message ID | 20241125065950.1179068-1-pierrick.bouvier@linaro.org |
---|---|
State | New |
Headers | show |
Series | tests/functional/aarch64_virt: add test for FEAT_RME | expand |
On 11/25/24 00:59, Pierrick Bouvier wrote: > + self.vm.launch() > + self.wait_for_console_pattern('Welcome to Buildroot') > + time.sleep(0.1) > + exec_command(self, 'root') > + time.sleep(0.1) There are patches on list or just merged to allow matching login/ps1 prompts instead of sleeping. r~
Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: > This boot an OP-TEE environment, and launch a nested guest VM inside it > using the Realms feature. > > Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> > --- > tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ > 1 file changed, 62 insertions(+) > > diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py > index 30bab5a677c..3e8f9372132 100755 > --- a/tests/functional/test_aarch64_virt.py > +++ b/tests/functional/test_aarch64_virt.py > @@ -18,6 +18,7 @@ > from qemu_test import QemuSystemTest, Asset > from qemu_test import exec_command, wait_for_console_pattern > from qemu_test import get_qemu_img, run_cmd > +from qemu_test.utils import archive_extract > > > class Aarch64VirtMachine(QemuSystemTest): > @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self): > return > self.common_aarch64_virt("virt,gic-version=2") > > + # Stack is built with OP-TEE build environment from those instructions: > + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ > + # https://github.com/pbo-linaro/qemu-rme-stack > + ASSET_RME_STACK = Asset( > + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/' > + 'download/rme-stack-op-tee-4.2.0.tar.gz'), > + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb') > + > + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it, > + # and launching a nested VM using it. > + def test_aarch64_virt_rme(self): > + stack_path_tar_gz = self.ASSET_RME_STACK.fetch() > + archive_extract(stack_path_tar_gz, self.workdir) > + > + self.set_machine('virt') > + self.vm.set_console() > + self.require_accelerator('tcg') > + > + rme_stack = os.path.join(self.workdir, 'rme-stack') > + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image') > + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin') > + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4') > + > + self.vm.add_args('-accel', 'tcg') > + self.vm.add_args('-cpu', 'max,x-rme=on') > + self.vm.add_args('-m', '2048') > + self.vm.add_args('-M', 'virt,acpi=off,' > + 'virtualization=on,' > + 'secure=on,' > + 'gic-version=3') > + self.vm.add_args('-bios', bios) > + self.vm.add_args('-kernel', kernel) > + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0') > + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0') > + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0') > + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0') > + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0') > + self.vm.add_args('-netdev', 'user,id=net0') > + self.vm.add_args('-append', 'root=/dev/vda') > + > + self.vm.launch() > + self.wait_for_console_pattern('Welcome to Buildroot') > + time.sleep(0.1) > + exec_command(self, 'root') > + time.sleep(0.1) > + > + # We now boot the (nested) guest VM > + exec_command(self, > + 'qemu-system-aarch64 -M virt,gic-version=3 ' > + '-cpu host -enable-kvm -m 512M ' > + '-M confidential-guest-support=rme0 ' > + '-object rme-guest,id=rme0,measurement-algo=sha512 ' > + '-device virtio-net-pci,netdev=net0,romfile= ' > + '-netdev user,id=net0 ' > + '-kernel /mnt/out/bin/Image ' > + '-initrd /mnt/out-br/images/rootfs.cpio ' > + '-serial stdio') > + # Detect Realm activation during boot. > + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE') > + # Wait for boot to complete. > + self.wait_for_console_pattern('Welcome to Buildroot') This is the same as above? Or the console of the guest? Could we also check the output of the other serial posts? > > if __name__ == '__main__': > QemuSystemTest.main()
On 11/25/24 10:00, Alex Bennée wrote: > Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: > >> This boot an OP-TEE environment, and launch a nested guest VM inside it >> using the Realms feature. >> >> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> >> --- >> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ >> 1 file changed, 62 insertions(+) >> >> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py >> index 30bab5a677c..3e8f9372132 100755 >> --- a/tests/functional/test_aarch64_virt.py >> +++ b/tests/functional/test_aarch64_virt.py >> @@ -18,6 +18,7 @@ >> from qemu_test import QemuSystemTest, Asset >> from qemu_test import exec_command, wait_for_console_pattern >> from qemu_test import get_qemu_img, run_cmd >> +from qemu_test.utils import archive_extract >> >> >> class Aarch64VirtMachine(QemuSystemTest): >> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self): >> return >> self.common_aarch64_virt("virt,gic-version=2") >> >> + # Stack is built with OP-TEE build environment from those instructions: >> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ >> + # https://github.com/pbo-linaro/qemu-rme-stack >> + ASSET_RME_STACK = Asset( >> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/' >> + 'download/rme-stack-op-tee-4.2.0.tar.gz'), >> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb') >> + >> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it, >> + # and launching a nested VM using it. >> + def test_aarch64_virt_rme(self): >> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch() >> + archive_extract(stack_path_tar_gz, self.workdir) >> + >> + self.set_machine('virt') >> + self.vm.set_console() >> + self.require_accelerator('tcg') >> + >> + rme_stack = os.path.join(self.workdir, 'rme-stack') >> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image') >> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin') >> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4') >> + >> + self.vm.add_args('-accel', 'tcg') >> + self.vm.add_args('-cpu', 'max,x-rme=on') >> + self.vm.add_args('-m', '2048') >> + self.vm.add_args('-M', 'virt,acpi=off,' >> + 'virtualization=on,' >> + 'secure=on,' >> + 'gic-version=3') >> + self.vm.add_args('-bios', bios) >> + self.vm.add_args('-kernel', kernel) >> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0') >> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0') >> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0') >> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0') >> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0') >> + self.vm.add_args('-netdev', 'user,id=net0') >> + self.vm.add_args('-append', 'root=/dev/vda') >> + >> + self.vm.launch() >> + self.wait_for_console_pattern('Welcome to Buildroot') >> + time.sleep(0.1) >> + exec_command(self, 'root') >> + time.sleep(0.1) >> + >> + # We now boot the (nested) guest VM >> + exec_command(self, >> + 'qemu-system-aarch64 -M virt,gic-version=3 ' >> + '-cpu host -enable-kvm -m 512M ' >> + '-M confidential-guest-support=rme0 ' >> + '-object rme-guest,id=rme0,measurement-algo=sha512 ' >> + '-device virtio-net-pci,netdev=net0,romfile= ' >> + '-netdev user,id=net0 ' >> + '-kernel /mnt/out/bin/Image ' >> + '-initrd /mnt/out-br/images/rootfs.cpio ' >> + '-serial stdio') >> + # Detect Realm activation during boot. >> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE') >> + # Wait for boot to complete. >> + self.wait_for_console_pattern('Welcome to Buildroot') > > This is the same as above? Or the console of the guest? > It's the guest yes, as the comment try to explain. I chose to implement it this way, instead of going with a separate socket, because it would make the test code much more complicated with no real benefit. > Could we also check the output of the other serial posts? > Host does not print anything. We already check guest. Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware. Secure terminal is completely silent. Were you thinking to something else? Feel free to try [1], you can build and launch the vm in two commands without having to install anything on your machine. [1] https://github.com/pbo-linaro/qemu-rme-stack >> >> if __name__ == '__main__': >> QemuSystemTest.main() >
Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: > On 11/25/24 10:00, Alex Bennée wrote: >> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: >> >>> This boot an OP-TEE environment, and launch a nested guest VM inside it >>> using the Realms feature. >>> >>> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> >>> --- >>> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ >>> 1 file changed, 62 insertions(+) >>> >>> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py >>> index 30bab5a677c..3e8f9372132 100755 >>> --- a/tests/functional/test_aarch64_virt.py >>> +++ b/tests/functional/test_aarch64_virt.py >>> @@ -18,6 +18,7 @@ >>> from qemu_test import QemuSystemTest, Asset >>> from qemu_test import exec_command, wait_for_console_pattern >>> from qemu_test import get_qemu_img, run_cmd >>> +from qemu_test.utils import archive_extract >>> class Aarch64VirtMachine(QemuSystemTest): >>> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self): >>> return >>> self.common_aarch64_virt("virt,gic-version=2") >>> + # Stack is built with OP-TEE build environment from those >>> instructions: >>> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ >>> + # https://github.com/pbo-linaro/qemu-rme-stack >>> + ASSET_RME_STACK = Asset( >>> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/' >>> + 'download/rme-stack-op-tee-4.2.0.tar.gz'), >>> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb') >>> + >>> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it, >>> + # and launching a nested VM using it. >>> + def test_aarch64_virt_rme(self): >>> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch() >>> + archive_extract(stack_path_tar_gz, self.workdir) >>> + >>> + self.set_machine('virt') >>> + self.vm.set_console() >>> + self.require_accelerator('tcg') >>> + >>> + rme_stack = os.path.join(self.workdir, 'rme-stack') >>> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image') >>> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin') >>> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4') >>> + >>> + self.vm.add_args('-accel', 'tcg') >>> + self.vm.add_args('-cpu', 'max,x-rme=on') >>> + self.vm.add_args('-m', '2048') >>> + self.vm.add_args('-M', 'virt,acpi=off,' >>> + 'virtualization=on,' >>> + 'secure=on,' >>> + 'gic-version=3') >>> + self.vm.add_args('-bios', bios) >>> + self.vm.add_args('-kernel', kernel) >>> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0') >>> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0') >>> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0') >>> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0') >>> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0') >>> + self.vm.add_args('-netdev', 'user,id=net0') >>> + self.vm.add_args('-append', 'root=/dev/vda') >>> + >>> + self.vm.launch() >>> + self.wait_for_console_pattern('Welcome to Buildroot') >>> + time.sleep(0.1) >>> + exec_command(self, 'root') >>> + time.sleep(0.1) >>> + >>> + # We now boot the (nested) guest VM >>> + exec_command(self, >>> + 'qemu-system-aarch64 -M virt,gic-version=3 ' >>> + '-cpu host -enable-kvm -m 512M ' >>> + '-M confidential-guest-support=rme0 ' >>> + '-object rme-guest,id=rme0,measurement-algo=sha512 ' >>> + '-device virtio-net-pci,netdev=net0,romfile= ' >>> + '-netdev user,id=net0 ' >>> + '-kernel /mnt/out/bin/Image ' >>> + '-initrd /mnt/out-br/images/rootfs.cpio ' >>> + '-serial stdio') >>> + # Detect Realm activation during boot. >>> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE') >>> + # Wait for boot to complete. >>> + self.wait_for_console_pattern('Welcome to Buildroot') >> This is the same as above? Or the console of the guest? >> > > It's the guest yes, as the comment try to explain. > I chose to implement it this way, instead of going with a separate > socket, because it would make the test code much more complicated with > no real benefit. Can you interact with that console? I'm wondering if we can stimulate the realm to do something a bit more than to get to the login prompt. I agree sinking multiple serial ports would make the test more complex and we shouldn't do it if we can prove everything works via the guests interaction. >> Could we also check the output of the other serial posts? >> > > Host does not print anything. > We already check guest. > Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware. > Secure terminal is completely silent. > > Were you thinking to something else? > > Feel free to try [1], you can build and launch the vm in two commands > without having to install anything on your machine. > > [1] https://github.com/pbo-linaro/qemu-rme-stack Nice ;-) > >>> if __name__ == '__main__': >>> QemuSystemTest.main() >>
On 11/26/24 02:51, Alex Bennée wrote: > Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: > >> On 11/25/24 10:00, Alex Bennée wrote: >>> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes: >>> >>>> This boot an OP-TEE environment, and launch a nested guest VM inside it >>>> using the Realms feature. >>>> >>>> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> >>>> --- >>>> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ >>>> 1 file changed, 62 insertions(+) >>>> >>>> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py >>>> index 30bab5a677c..3e8f9372132 100755 >>>> --- a/tests/functional/test_aarch64_virt.py >>>> +++ b/tests/functional/test_aarch64_virt.py >>>> @@ -18,6 +18,7 @@ >>>> from qemu_test import QemuSystemTest, Asset >>>> from qemu_test import exec_command, wait_for_console_pattern >>>> from qemu_test import get_qemu_img, run_cmd >>>> +from qemu_test.utils import archive_extract >>>> class Aarch64VirtMachine(QemuSystemTest): >>>> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self): >>>> return >>>> self.common_aarch64_virt("virt,gic-version=2") >>>> + # Stack is built with OP-TEE build environment from those >>>> instructions: >>>> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ >>>> + # https://github.com/pbo-linaro/qemu-rme-stack >>>> + ASSET_RME_STACK = Asset( >>>> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/' >>>> + 'download/rme-stack-op-tee-4.2.0.tar.gz'), >>>> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb') >>>> + >>>> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it, >>>> + # and launching a nested VM using it. >>>> + def test_aarch64_virt_rme(self): >>>> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch() >>>> + archive_extract(stack_path_tar_gz, self.workdir) >>>> + >>>> + self.set_machine('virt') >>>> + self.vm.set_console() >>>> + self.require_accelerator('tcg') >>>> + >>>> + rme_stack = os.path.join(self.workdir, 'rme-stack') >>>> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image') >>>> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin') >>>> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4') >>>> + >>>> + self.vm.add_args('-accel', 'tcg') >>>> + self.vm.add_args('-cpu', 'max,x-rme=on') >>>> + self.vm.add_args('-m', '2048') >>>> + self.vm.add_args('-M', 'virt,acpi=off,' >>>> + 'virtualization=on,' >>>> + 'secure=on,' >>>> + 'gic-version=3') >>>> + self.vm.add_args('-bios', bios) >>>> + self.vm.add_args('-kernel', kernel) >>>> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0') >>>> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0') >>>> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0') >>>> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0') >>>> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0') >>>> + self.vm.add_args('-netdev', 'user,id=net0') >>>> + self.vm.add_args('-append', 'root=/dev/vda') >>>> + >>>> + self.vm.launch() >>>> + self.wait_for_console_pattern('Welcome to Buildroot') >>>> + time.sleep(0.1) >>>> + exec_command(self, 'root') >>>> + time.sleep(0.1) >>>> + >>>> + # We now boot the (nested) guest VM >>>> + exec_command(self, >>>> + 'qemu-system-aarch64 -M virt,gic-version=3 ' >>>> + '-cpu host -enable-kvm -m 512M ' >>>> + '-M confidential-guest-support=rme0 ' >>>> + '-object rme-guest,id=rme0,measurement-algo=sha512 ' >>>> + '-device virtio-net-pci,netdev=net0,romfile= ' >>>> + '-netdev user,id=net0 ' >>>> + '-kernel /mnt/out/bin/Image ' >>>> + '-initrd /mnt/out-br/images/rootfs.cpio ' >>>> + '-serial stdio') >>>> + # Detect Realm activation during boot. >>>> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE') >>>> + # Wait for boot to complete. >>>> + self.wait_for_console_pattern('Welcome to Buildroot') >>> This is the same as above? Or the console of the guest? >>> >> >> It's the guest yes, as the comment try to explain. >> I chose to implement it this way, instead of going with a separate >> socket, because it would make the test code much more complicated with >> no real benefit. > > Can you interact with that console? I'm wondering if we can stimulate > the realm to do something a bit more than to get to the login prompt. > Yes, we can login and run anything, or even poweroff the VM. At this point of the test, the terminal *is* the (nested) guest. We would need to poweroff before accessing the host again, or send a ctrl-z. I asked to Jean-Philippe suggestions to run a specific command to stress the implementation a bit more than simply booting. > I agree sinking multiple serial ports would make the test more complex > and we shouldn't do it if we can prove everything works via the guests > interaction. > >>> Could we also check the output of the other serial posts? >>> >> >> Host does not print anything. >> We already check guest. >> Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware. >> Secure terminal is completely silent. >> >> Were you thinking to something else? >> >> Feel free to try [1], you can build and launch the vm in two commands >> without having to install anything on your machine. >> >> [1] https://github.com/pbo-linaro/qemu-rme-stack > > Nice ;-) > Kudos to Jean-Philippe for the clear and simple instructions to build it! >> >>>> if __name__ == '__main__': >>>> QemuSystemTest.main() >>> >
On 11/25/24 06:14, Richard Henderson wrote: > On 11/25/24 00:59, Pierrick Bouvier wrote: >> + self.vm.launch() >> + self.wait_for_console_pattern('Welcome to Buildroot') >> + time.sleep(0.1) >> + exec_command(self, 'root') >> + time.sleep(0.1) > > There are patches on list or just merged to allow matching login/ps1 prompts instead of > sleeping. > > > r~ > Indeed, exec_command_and_wait_for_pattern function seems a better choice. I'll use it.
diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py index 30bab5a677c..3e8f9372132 100755 --- a/tests/functional/test_aarch64_virt.py +++ b/tests/functional/test_aarch64_virt.py @@ -18,6 +18,7 @@ from qemu_test import QemuSystemTest, Asset from qemu_test import exec_command, wait_for_console_pattern from qemu_test import get_qemu_img, run_cmd +from qemu_test.utils import archive_extract class Aarch64VirtMachine(QemuSystemTest): @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self): return self.common_aarch64_virt("virt,gic-version=2") + # Stack is built with OP-TEE build environment from those instructions: + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ + # https://github.com/pbo-linaro/qemu-rme-stack + ASSET_RME_STACK = Asset( + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/' + 'download/rme-stack-op-tee-4.2.0.tar.gz'), + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb') + + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it, + # and launching a nested VM using it. + def test_aarch64_virt_rme(self): + stack_path_tar_gz = self.ASSET_RME_STACK.fetch() + archive_extract(stack_path_tar_gz, self.workdir) + + self.set_machine('virt') + self.vm.set_console() + self.require_accelerator('tcg') + + rme_stack = os.path.join(self.workdir, 'rme-stack') + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image') + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin') + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4') + + self.vm.add_args('-accel', 'tcg') + self.vm.add_args('-cpu', 'max,x-rme=on') + self.vm.add_args('-m', '2048') + self.vm.add_args('-M', 'virt,acpi=off,' + 'virtualization=on,' + 'secure=on,' + 'gic-version=3') + self.vm.add_args('-bios', bios) + self.vm.add_args('-kernel', kernel) + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0') + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0') + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0') + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0') + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0') + self.vm.add_args('-netdev', 'user,id=net0') + self.vm.add_args('-append', 'root=/dev/vda') + + self.vm.launch() + self.wait_for_console_pattern('Welcome to Buildroot') + time.sleep(0.1) + exec_command(self, 'root') + time.sleep(0.1) + + # We now boot the (nested) guest VM + exec_command(self, + 'qemu-system-aarch64 -M virt,gic-version=3 ' + '-cpu host -enable-kvm -m 512M ' + '-M confidential-guest-support=rme0 ' + '-object rme-guest,id=rme0,measurement-algo=sha512 ' + '-device virtio-net-pci,netdev=net0,romfile= ' + '-netdev user,id=net0 ' + '-kernel /mnt/out/bin/Image ' + '-initrd /mnt/out-br/images/rootfs.cpio ' + '-serial stdio') + # Detect Realm activation during boot. + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE') + # Wait for boot to complete. + self.wait_for_console_pattern('Welcome to Buildroot') if __name__ == '__main__': QemuSystemTest.main()
This boot an OP-TEE environment, and launch a nested guest VM inside it using the Realms feature. Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> --- tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+)