Update script to support v8.0+ QEMU
Signed-off-by: Wei Liu <[email protected]>
liuw1 authored and jyao1 committed Jul 23, 2024
1 parent d256700 commit b7bb5bb
Showing 2 changed files with 100 additions and 21 deletions.
41 changes: 28 additions & 13 deletions sh_script/integration_tdx.sh
Expand Up @@ -142,11 +142,10 @@ launch_td_test_payload() {
local time_out=120
local key_str="0 failed"

nohup ${qemu_tdx_path} -accel kvm \
QEMU_CMD="${qemu_tdx_path} -accel kvm \
-name process=rust-td,debug-threads=on \
-smp ${cpus},sockets=${cpus} \
-object tdx-guest,id=tdx,debug=on \
-object memory-backend-memfd-private,id=ram1,size=${memory} \
-machine q35,memory-backend=ram1,kernel_irqchip=split,confidential-guest-support=tdx \
-no-hpet \
-cpu host,pmu=off,-kvm-steal-time \
Expand All @@ -155,17 +154,25 @@ launch_td_test_payload() {
-chardev stdio,id=mux,mux=on,signal=off \
-device virtio-serial,romfile= \
-device virtconsole,chardev=mux -serial chardev:mux -monitor chardev:mux \
-d int -no-reboot > ${nohup_logfile} 2>&1 &

-d int -no-reboot"

QEMU_VERSION=`${qemu_tdx_path} --version | grep -oP 'version \K[^\s]+'`
if [ "$(printf '%s\n' "8.0.0" "${QEMU_VERSION}" | sort -V | head -n1)" == "8.0.0" ]; then
QEMU_CMD+=" -object memory-backend-ram,id=ram1,size=${memory},private=on "
else
QEMU_CMD+=" -object memory-backend-memfd-private,id=ram1,size=${memory} "
fi

eval "nohup ${QEMU_CMD} > ${nohup_logfile} 2>&1 &"
check_result ${nohup_logfile} "${key_str}" ${time_out}

if [[ $? -eq 0 ]]
then
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9
cat ${nohup_logfile} && echo "-- launch td payload: Pass"
else
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9
else
cat ${nohup_logfile} && echo "-- launch td payload: Fail" && exit 1
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9
fi
}

Expand All @@ -174,11 +181,10 @@ test_secure_boot() {
local time_out=120
local key_str="Starting td-payload hob"

nohup ${qemu_tdx_path} -accel kvm \
QEMU_CMD="${qemu_tdx_path} -accel kvm \
-name process=rust-td,debug-threads=on \
-smp ${cpus},sockets=${cpus} \
-object tdx-guest,id=tdx,debug=on \
-object memory-backend-memfd-private,id=ram1,size=${memory} \
-machine q35,memory-backend=ram1,kernel_irqchip=split,confidential-guest-support=tdx \
-no-hpet \
-cpu host,pmu=off,-kvm-steal-time \
Expand All @@ -187,19 +193,28 @@ test_secure_boot() {
-chardev stdio,id=mux,mux=on,signal=off \
-device virtio-serial,romfile= \
-device virtconsole,chardev=mux -serial chardev:mux -monitor chardev:mux \
-d int -no-reboot > ${nohup_logfile} 2>&1 &

-d int -no-reboot"

QEMU_VERSION=`${qemu_tdx_path} --version | grep -oP 'version \K[^\s]+'`
if [ "$(printf '%s\n' "8.0.0" "${QEMU_VERSION}" | sort -V | head -n1)" == "8.0.0" ]; then
QEMU_CMD+=" -object memory-backend-ram,id=ram1,size=${memory},private=on "
else
QEMU_CMD+=" -object memory-backend-memfd-private,id=ram1,size=${memory} "
fi

eval "nohup ${QEMU_CMD} > ${nohup_logfile} 2>&1 &"
check_result ${nohup_logfile} "${key_str}" ${time_out}

if [[ $? -eq 0 && ${firmware} == *normal* ]] ||
[[ $? -ne 0 && ${firmware} == *mismatch-pubkey* ]] ||
[[ $? -ne 0 && ${firmware} == *unsigned* ]]
then
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9
echo "-- secure boot test: Pass"
else
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9

else
cat ${nohup_logfile} && echo "-- secure boot test: Fail" && exit 1
ps aux | grep ${qemu_tdx_path} | grep -v grep | awk -F ' ' '{print $2}' | xargs kill -9
fi
}

Expand Down Expand Up @@ -229,4 +244,4 @@ main() {
}

proccess_args $@
main
main
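Review bot: The new `eval "nohup ${QEMU_CMD} > ${nohup_logfile} 2>&1 &"` in launch_td_test_payload, repeated in test_secure_boot, re-parses the whole command string as shell source, so any whitespace, quote or metacharacter in `${qemu_tdx_path}`, `${memory}`, `${nohup_logfile}` or the values in the collapsed option lines is interpreted as syntax instead of being passed to QEMU as data. These variables are presumably filled from the command line by `proccess_args`, which is outside this view, and the harness does not need eval at all: build the command as a bash array and run it with `nohup "${qemu_cmd[@]}"`. Declaring the array and the version string `local` would also stop `QEMU_CMD` and `QEMU_VERSION` leaking into global scope between the two functions. Both function bodies start above their hunks and part of each option list is collapsed, so the sketch below marks that stretch as unchanged.

```shell
local -a qemu_cmd=(
  "${qemu_tdx_path}" -accel kvm
  -name process=rust-td,debug-threads=on
  # … unchanged: remaining QEMU options, one word per array element, no trailing backslashes …
  -d int -no-reboot
)

local qemu_version
qemu_version=$("${qemu_tdx_path}" --version | grep -oP 'version \K[^\s]+')
if [[ "$(printf '%s\n' "8.0.0" "${qemu_version}" | sort -V | head -n1)" == "8.0.0" ]]; then
  qemu_cmd+=(-object "memory-backend-ram,id=ram1,size=${memory},private=on")
else
  qemu_cmd+=(-object "memory-backend-memfd-private,id=ram1,size=${memory}")
fi

nohup "${qemu_cmd[@]}" > "${nohup_logfile}" 2>&1 &
```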
80 changes: 72 additions & 8 deletions sh_script/launch-rust-td.sh
@@ -1,14 +1,78 @@
#!/bin/bash

# Default values
QEMU_PATH="/usr/libexec/qemu-kvm"
BIOS_IMAGE="final.bin"
CPUS=1
MEM="1G"

# Function to display usage
usage() {
echo "Usage: $0 [options]"
echo "Options:"
echo " -p <qemu_path> Specify the QEMU executable path. Default is /usr/libexec/qemu-kvm."
echo " -c <cpus> Number of CPUs. Default is 1."
echo " -m <memory> Memory size. Default is 1G."
echo " -b <bios_image> Path to the BIOS image file. Default is final.bin."
echo " -h Display this help message and exit."
exit 1
}

# Parse command line options
while getopts ":p:c:m:b:h" opt; do
case $opt in
p)
QEMU_PATH="$OPTARG"
;;
c)
CPUS="$OPTARG"
;;
m)
MEM="$OPTARG"
;;
b)
BIOS_IMAGE="$OPTARG"
;;
h)
usage
;;
\?)
echo "Invalid option: -$OPTARG" >&2
usage
;;
:)
echo "Option -$OPTARG requires an argument." >&2
usage
;;
esac
done

# Timestamp for logfile
now=$(date +"%m%d_%H%M")
LOGFILE=stdout.${now}.log

QEMU=/home/oem/tdvf-install/usr/libexec/qemu-kvm
BIOS=/home/oem/final.bin
# Check QEMU version for memory backend options
QEMU_VERSION=$(${QEMU_PATH} --version | grep -oP 'version \K[^\s]+')
if [ "$(printf '%s\n' "8.0.0" "${QEMU_VERSION}" | sort -V | head -n1)" == "8.0.0" ]; then
MEMORY_BACKEND="-object memory-backend-ram,id=ram1,size=${MEM},private=on"
else
MEMORY_BACKEND="-object memory-backend-memfd-private,id=ram1,size=${MEM}"
fi

# Construct the QEMU command
QEMU_CMD="${QEMU_PATH} -accel kvm \
-name process=rust-td,debug-threads=on \
-smp ${CPUS} \
-object tdx-guest,id=tdx,debug=on \
-machine q35,memory-backend=ram1,kernel_irqchip=split,confidential-guest-support=tdx \
-no-hpet \
-cpu host,pmu=off,-kvm-steal-time \
-bios ${BIOS_IMAGE} \
-m ${MEM} -nographic -vga none \
-chardev stdio,id=mux,mux=on,signal=off \
-device virtio-serial,romfile= \
-device virtconsole,chardev=mux -serial chardev:mux -monitor chardev:mux \
-d int -no-reboot ${MEMORY_BACKEND}"

$QEMU \
-no-reboot -name debug-threads=on -enable-kvm -smp 1,sockets=1 -object tdx-guest,id=tdx,debug=on \
-machine q35,accel=kvm,kvm-type=tdx,kernel_irqchip=split,confidential-guest-support=tdx -no-hpet \
-cpu host,host-phys-bits,+invtsc \
-device loader,file=$BIOS,id=fd0 \
-m 2G -nographic -vga none | tee -a ${LOGFILE}
# Execute the QEMU command and redirect output to logfile
$QEMU_CMD 2>&1 | tee "${LOGFILE}"
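Review bot: The path given with `-p` is executed for the version probe and again for the launch without any check, and an empty `QEMU_VERSION` (binary missing, or `--version` output not matching the grep) sorts before `8.0.0`, so the script silently selects the `memory-backend-memfd-private` branch and only fails later inside QEMU. I would fail early with `[[ -x "${QEMU_PATH}" ]] || { echo "QEMU not executable: ${QEMU_PATH}" >&2; exit 1; }` before the probe and `[[ -n "${QEMU_VERSION}" ]] || { echo "cannot parse QEMU version" >&2; exit 1; }` after it. The final `$QEMU_CMD 2>&1 | tee "${LOGFILE}"` also relies on unquoted word splitting, so a `-b` or `-p` value containing spaces or glob characters is split or expanded before QEMU sees it; holding the arguments in an array and running `"${qemu_cmd[@]}"` avoids that. The same unchecked version probe appears in both functions patched in sh_script/integration_tdx.sh.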
