#!/usr/bin/env python3
#
# Functional test that boots a Realms environment on virt machine and a nested
# guest VM using it.
#
# Copyright (c) 2024 Linaro Ltd.
#
# Author: Pierrick Bouvier <pierrick.bouvier@linaro.org>
#
# SPDX-License-Identifier: GPL-2.0-or-later

import os

from qemu_test import QemuSystemTest, Asset
from qemu_test import exec_command, wait_for_console_pattern
from qemu_test import exec_command_and_wait_for_pattern


def test_realms_guest(test_rme_instance):
    """Launch a Realm guest from the outer VM's shell and query its CCA report.

    ``test_rme_instance`` is the running test object whose console is
    already logged in to the outer (host) VM. Every command below is typed
    on that console, and the nested guest's output comes back on the same
    console because it is started with ``-serial stdio``.

    The attestation step only confirms that a report is produced and that
    it names the expected hash algorithms. The token signature and the
    measurement values are not validated here.
    """
    # The confidential-guest-support machine property points at the
    # rme-guest object declared on the same command line.
    # NOTE(review): the /mnt paths presumably sit on the shr0 9p share set up
    # by the caller; the mount itself is not performed in this file -- confirm.
    nested_qemu_cmd = (
        'qemu-system-aarch64 -M virt,gic-version=3 '
        '-cpu host -enable-kvm -m 512M '
        '-M confidential-guest-support=rme0 '
        '-object rme-guest,id=rme0 '
        '-device virtio-net-pci,netdev=net0,romfile= '
        '-netdev user,id=net0 '
        '-kernel /mnt/out/bin/Image '
        '-initrd /mnt/out-br/images/rootfs.cpio '
        '-serial stdio'
    )
    exec_command(test_rme_instance, nested_qemu_cmd)

    # Realm activation must show up on the console before the guest banner.
    wait_for_console_pattern(test_rme_instance, 'SMC_RMI_REALM_ACTIVATE')
    # Nested guest has finished booting once the Buildroot banner appears.
    wait_for_console_pattern(test_rme_instance, 'Welcome to Buildroot')
    # Log in to the nested guest and wait for a root prompt.
    exec_command_and_wait_for_pattern(test_rme_instance, 'root', '#')

    # Ask the nested guest for its CCA attestation report and check the
    # hash-algorithm fields, in the order the original test waits for them.
    exec_command(test_rme_instance, 'cca-workload-attestation report')
    expected_report_fields = (
        '"cca-platform-hash-algo-id": "sha-256"',
        '"cca-realm-hash-algo-id": "sha-512"',
        '"cca-realm-public-key-hash-algo-id": "sha-256"',
    )
    for report_field in expected_report_fields:
        wait_for_console_pattern(test_rme_instance, report_field)


class Aarch64RMEVirtMachine(QemuSystemTest):

    # Stack is built with OP-TEE build environment from those instructions:
    # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
    # https://github.com/pbo-linaro/qemu-rme-stack
    #
    # The second argument is the expected digest of the tarball (64 hex
    # digits). NOTE(review): presumably Asset.fetch() checks the download
    # against it before the archive is extracted -- confirm in qemu_test.
    ASSET_RME_STACK_VIRT = Asset(
        ('https://fileserver.linaro.org/s/iaRsNDJp2CXHMSJ/'
         'download/rme-stack-op-tee-4.2.0-cca-v4-qemu_v8.tar.gz'),
        '1851adc232b094384d8b879b9a2cfff07ef3d6205032b85e9b3a4a9ae6b0b7ad')

    # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
    # and launching a nested VM using it.
    def test_aarch64_rme_virt(self):
        self.set_machine('virt')
        self.require_accelerator('tcg')
        self.require_netdev('user')

        self.vm.set_console()

        self.archive_extract(self.ASSET_RME_STACK_VIRT.fetch(), format="tar")

        rme_stack = self.scratch_file('rme-stack-op-tee-4.2.0-cca-v4-qemu_v8')
        firmware_dir = os.path.join(rme_stack, 'out', 'bin')
        host_kernel = os.path.join(firmware_dir, 'Image')
        flash_image = os.path.join(firmware_dir, 'flash.bin')
        rootfs_image = os.path.join(rme_stack, 'out-br', 'images',
                                    'rootfs.ext4')

        # One (option, value) pair per add_args() call, in the original order.
        vm_options = (
            # x-rme=on enables the RME CPU feature under test.
            ('-cpu', 'max,x-rme=on,pauth-impdef=on'),
            ('-m', '2G'),
            ('-M', 'virt,acpi=off,virtualization=on,secure=on,gic-version=3'),
            ('-bios', flash_image),
            ('-kernel', host_kernel),
            ('-drive', f'format=raw,if=none,file={rootfs_image},id=hd0'),
            ('-device', 'virtio-blk-pci,drive=hd0'),
            # The extracted stack directory is exported to the outer VM over
            # 9p with security_model=none. It holds only the test's scratch
            # copy of the stack; this is a test-harness setting, not one to
            # reuse for sharing host paths that matter.
            ('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0'),
            ('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0'),
            ('-device', 'virtio-net-pci,netdev=net0'),
            ('-netdev', 'user,id=net0'),
            # We need to add nokaslr to avoid triggering this sporadic bug:
            # https://gitlab.com/qemu-project/qemu/-/issues/2823
            # (this turns off kernel address randomisation in the outer VM,
            # as a test-only workaround).
            ('-append', 'root=/dev/vda nokaslr'),
        )
        for option, value in vm_options:
            self.vm.add_args(option, value)

        self.vm.launch()
        # Wait for host VM boot to complete; a firmware exception message on
        # the console fails the test instead of waiting for the banner.
        wait_for_console_pattern(self, 'Welcome to Buildroot',
                                 failure_message='Synchronous Exception at')
        exec_command_and_wait_for_pattern(self, 'root', '#')

        test_realms_guest(self)


if __name__ == '__main__':
    QemuSystemTest.main()