GitHub - renchenglei/ikgt-core at disable-vtd

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 232 Commits
include		include
lib		lib
loader		loader
packer		packer
product		product
tools/profile		tools/profile
vmm		vmm
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
readme.txt		readme.txt
rule.linux		rule.linux

Repository files navigation

################################################
# Copyright (c) 2015-2019 Intel Corporation.
# All rights reserved.
#
# SPDX-License-Identidfier: Apache-2.0
#
################################################

This readme covers instructions for building and launching evmm, which is a core
VTx layer.

=============================================================================
Content of the Source Package
=============================================================================

	vmm
	This contains evmm source files and build makefiles

	loader
	This contains pre-OS loader for evmm launch

	packer
	This contains packer tool to build final image from vmm and loader

	product
	This contains config file for different boards

=============================================================================
Config files
=============================================================================

	below configures should be changed if you are using different boards:
	- DEBUG
		Description: Enable debug build.
	- LOG_LEVEL
		Description: Define log level (1:panic, 2:info, 3:warning, 4:trace).
	- MAX_CPU_NUM
		Description: Must have. It is the max cpu number of the board.
	- TOP_OF_MEM
		Description: Optional, in some platform, it is must have. it is the "top of memory" from e820 table. Note: it is NOT memory size. for example, in GordenPeak, it have 8G memory but the top of memory is 10G
	- TSC_PER_MS
		Description: Optional, in some platform, it is must have. It can be got from kernel log, eg. "[    0.000000] tsc: Detected 1881.600 MHz processor". TSC_PER_MS is defined in KHz.
	- CPU_NUM
		Description: Optional (if you don't know the value, or it should be calculated dynamically, you should remove it). It is the number of the cpus in your board.
					 When it is defined, it must be equal to MAX_CPU_NUM.
	- LOADER_STAGE0_SUB
		Description: Must have. it specifies which stage0 is used.
	- EPT_POLICY
		Description: Default ept policy.
	- EVMM_PKG_BIN_SIZE
		Description: Used to check if the final evmm_pkg.bin (or ikgt_pkg.bin) exceeds the size.
	- STACK_PROTECTOR
		Description: make use of gcc to emit extra code and check buffer overflows.
	- SYNC_CPU_IN_BOOT
		Description: bsp wait for ap before the first guest launched.

	- LIB_LAPIC_IPI
		Description: Provide api to send IPI.

	- LIB_MP_INIT
		Description: Wakeup ap from real mode to 64 bit mode.
		Dependency:
			LIB_LAPIC_IPI

	- LIB_PCI
		Description: Provide pci read/write functions.

	- LIB_PRINT
		Description: Provide print functions.
		Dependency:
			LIB_PCI (optional)
		SubFlags:
			- SERIAL_MMIO
				Description: Determine whether the print devices uses IO or MMIO.
			- SERIAL_PCI
				Description: If print device is a PCI device, the PCI bus/device/function must be specified here.
				Dependency: LIB_PCI
				SubFlags:
					- SERIAL_PCI_BUS
					- SERIAL_PCI_DEV
					- SERIAL_PCI_FUN
			- SERIAL_BASE
				Description: If SERIAL_PCI is not define, serial base (IO or MMIO) should be specified by this flag.

	- LIB_EFI_SERVICES
		Description: Support UEFI services
		SubFlags:
			- START_AP_BY_EFI_MP_SERVICE
				Description: Startup APs by EFI_MP_SERVICES

	- MODULE_VMCALL
		Description: Vmcall support.

	- MODULE_DEADLOOP
		Description: Inject GP to guest 0 when system hang in host.

	- MODULE_ACPI
		Description: Provide api to search ACPI tables.

	- MODULE_IO_MONITOR
		Description: Provide api to monitor IO access.

	- MODULE_SUSPEND
		Description: S3 support.
		Dependency:
			LIB_MP_INIT,
			MODULE_IO_MONITOR,
			MODULE_ACPI,
			MODULE_IPC

	- MODULE_LAPIC_ID
		Description: Provide api to get APIC ID according to host cpu id.
		Dependency:
			LIB_LAPIC_IPI

	- MODULE_IPC
		Description: Execute function in other cpus.
		Dependency:
			LIB_LAPIC_IPI,
			MODULE_LAPIC_ID (optional)

	- MODULE_DR
		Description: Isolation for dr0~3, 6.

	- MODULE_CR
		Description: Isolation for CR2, CR8.

	- MODULE_XSAVE
		Description: Isolation for fpu/mmx/avx registers.

	- MODULE_FXSAVE
		Description: Isolation for fpu/mmx/avx registers.

	- MODULE_MSR_ISOLATION
		Description: Provide api to isolate MSRs.
		SubFlags:
			- MAX_ISOLATED_MSR_COUNT
				Description: Specify the max msr count to be isolated.

	- MODULE_MSR_MONITOR
		Description: Provide api to monitor MSR access.

	- MODULE_TEMPLATE_TEE
		Description: Provide Tee guest framework

	- MODULE_TRUSTY_TEE
		Description: Enable Trusty based on template tee framework
		Dependency:
			MODULE_TEMPLATE_TEE
			others refer to MODULE_TRUSTY_GUEST

	- MODULE_TRUSTY_GUEST
		Description: Enable Trusty.
		Dependency:
			LIB_IPC (optional),
			MODULE_VMCALL,
			MODULE_MSR_ISOLATION(optional),
			MODULE_DEADLOOP(optional)
		SubFlags:
			- ENABLE_SGUEST_SMP
				Description: Enable SMP for LK.
				Dependency: LIB_IPC
			- DMA_FROM_CSE
				Description: Optional, allow CSE device access multi guests' memory by DMA. This macro should take the value of PCI device id(PCI_DEV(Bus:Device:Func));
		- PACK_LK
			Description: pack lk.elf into evmm_pkg.bin
			- DERIVE_KEY
				Description: Derive key
				Dependency: MODULE_CRYPTO

	- MODULE_VTD
		Description: Enable VT-d. Current policy for VT-d is to use same memory layout as guest 0 (Android).
		Dependency:
			MODULE_ACPI
		SubFlags:
			- DMAR_MAX_ENGINE
				Description: Specify max DMAR engine in system. usually it is 4.
			- SKIP_DMAR_GPU
				Description: Workaround for bug OAM-42091, conflict with GFX.
			- MULTI_GUEST_DMA
				Description: Optional, allow a device access multi guests' memory by DMA.

	- MODULE_DEV_BLK
		Description: provide API to block access to devices from guests.
	Dependency:
		LIB_PCI(optional),
		MODULE_ACPI(optional),
		MODULE_IO_MONITOR(optional)

	- MODULE_VMX_TIMER
		Description: Provide api to use vmx timer.

	- MODULE_TSC
		Description: Allow guest 0 to modify TSC while keep other guests unaffected.
		Dependency:
			MODULE_MSR_MONITOR

	- MODULE_EXT_INTR
	Description: monitor all external interrupts.

	- MODULE_VMEXIT_INIT
	Description: handle INIT vmexit event. This module handle INIT signal properly when guest disable/enable CPUs(AP) at runtime.

	- MODULE_VMENTER_CHECK
		Description: For debug. Check vmentry failure reasons.

	- MODULE_VMEXIT_TASK_SWITCH
		Description: Support task switch in vmexit.

	- MODULE_PROFILE
		SubFlags:
		- STACK_PROFILE
		Description: For debug. Profile EVMM stack usage
		- TIME_PROFILE
		Description: For debug. Profile guest OS and EVMM performance

	- MODULE_INTERRUPT_IPI
		Description: Deliver interrupt to Guest by Self-IPI.

	- MODULE_PERF_CTRL_ISOLATION
		Description: Monitor IA32_PERF_GLOBAL_CTRL MSR and do guest-host/guest-guest isolation.

	- MODULE_SPECTRE
		Description: To prevent spectre attack.

	- MODULE_INSTRUCTION_DECODE
		Description: Support instruction decode

	- AP_START_IN_HLT
		Description: Set processors to HLT when init. Default is WAIT_FOR_SIPI.

	- MODULE_CRYPTO
		Description: add hkdf and kdf crypto lib support

	- MODULE_APS_STATE
		Description: set Guest APs to init state

	- MODULE_BLOCK_NPK
		Description: Disable NPK device
		Dependency:
			MODULE_DEV_BLK
		SubFlags:
			- NPK_PCI_BUS
			- NPK_PCI_DEV
			- NPK_PCI_FUN

	 - MODULE_SECURITY_INFO
		Description: Set device secure information and provide derive key function

End of file