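#!/usr/bin/env python3
#
# Functional test that boots a Realms environment on virt machine and a nested
# guest VM using it.
#
# Copyright (c) 2024 Linaro Ltd.
#
# Author: Pierrick Bouvier <pierrick.bouvier@linaro.org>
#
# SPDX-License-Identifier: GPL-2.0-or-later

import time
import os
import logging

from qemu_test import QemuSystemTest, Asset
from qemu_test import exec_command, wait_for_console_pattern
from qemu_test import exec_command_and_wait_for_pattern


def test_realms_guest(test_rme_instance):
    """Boot a nested Realm guest from the host VM console and query its report.

    ``test_rme_instance`` is the running test case whose console is already
    logged in to the host VM; every command below is typed into that console.

    The checks at the end only match the hash-algorithm identifiers printed
    by ``cca-workload-attestation report``. They show that a report was
    produced; they do not validate the token signature or any measurement.
    """
    # Boot the (nested) guest VM. '-cpu host -enable-kvm' makes the nested
    # guest use KVM inside the host VM, and 'confidential-guest-support=rme0'
    # ties it to the rme-guest object so that it is launched as a Realm.
    # An empty 'romfile=' means no option ROM is loaded for the NIC.
    exec_command(test_rme_instance,
                 'qemu-system-aarch64 -M virt,gic-version=3 '
                 '-cpu host -enable-kvm -m 512M '
                 '-M confidential-guest-support=rme0 '
                 '-object rme-guest,id=rme0 '
                 '-device virtio-net-pci,netdev=net0,romfile= '
                 '-netdev user,id=net0 '
                 '-kernel /mnt/out/bin/Image '
                 '-initrd /mnt/out-br/images/rootfs.cpio '
                 '-serial stdio')
    # Detect Realm activation during (nested) guest boot.
    wait_for_console_pattern(test_rme_instance,
                             'SMC_RMI_REALM_ACTIVATE')
    # Wait for (nested) guest boot to complete.
    wait_for_console_pattern(test_rme_instance,
                             'Welcome to Buildroot')
    exec_command_and_wait_for_pattern(test_rme_instance, 'root', '#')
    # Query the (nested) guest CCA report. The patterns are waited for one
    # after the other, so they must appear in this order in the output.
    exec_command(test_rme_instance, 'cca-workload-attestation report')
    wait_for_console_pattern(test_rme_instance,
                             '"cca-platform-hash-algo-id": "sha-256"')
    wait_for_console_pattern(test_rme_instance,
                             '"cca-realm-hash-algo-id": "sha-512"')
    wait_for_console_pattern(test_rme_instance,
                             '"cca-realm-public-key-hash-algo-id": "sha-256"')


class Aarch64RMEVirtMachine(QemuSystemTest):

    # The stack is built with the OP-TEE build environment, following these
    # instructions:
    # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
    # https://github.com/pbo-linaro/qemu-rme-stack
    #
    # The second argument pins the expected digest of the tarball (64 hex
    # digits, i.e. SHA-256 sized). Update it together with the URL so that
    # the firmware, kernel and rootfs booted below stay the reviewed ones.
    ASSET_RME_STACK_VIRT = Asset(
        ('https://fileserver.linaro.org/s/iaRsNDJp2CXHMSJ/'
         'download/rme-stack-op-tee-4.2.0-cca-v4-qemu_v8.tar.gz'),
        '1851adc232b094384d8b879b9a2cfff07ef3d6205032b85e9b3a4a9ae6b0b7ad')

    # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
    # and launching a nested VM using it.
    def test_aarch64_rme_virt(self):
        self.set_machine('virt')
        self.vm.set_console()
        self.require_accelerator('tcg')
        # The host VM is started with '-netdev user'. Skip cleanly when this
        # QEMU binary was built without the user-mode network backend instead
        # of failing at launch.
        self.require_netdev('user')

        stack_path_tar_gz = self.ASSET_RME_STACK_VIRT.fetch()
        self.archive_extract(stack_path_tar_gz, format="tar")

        rme_stack = self.scratch_file('rme-stack-op-tee-4.2.0-cca-v4-qemu_v8')
        kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
        bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
        drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')

        # x-rme=on enables the emulated FEAT_RME; secure=on and
        # virtualization=on expose the EL3 and EL2 levels that the firmware
        # stack in flash.bin runs at.
        self.vm.add_args('-cpu', 'max,x-rme=on,pauth-impdef=on')
        self.vm.add_args('-m', '2G')
        self.vm.add_args('-M', 'virt,acpi=off,'
                         'virtualization=on,'
                         'secure=on,'
                         'gic-version=3')
        self.vm.add_args('-bios', bios)
        self.vm.add_args('-kernel', kernel)
        self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
        self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
        # Export the extracted stack directory to the host VM over 9p. The
        # nested guest command line reads its kernel and initrd from /mnt,
        # presumably where the rootfs mounts this share (confirm in the
        # image). security_model=none applies no ownership or permission
        # mapping; that is acceptable for a throwaway scratch directory
        # shared with a test image, not for a directory holding anything else.
        self.vm.add_args('-device',
                         'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
        self.vm.add_args('-fsdev',
                         f'local,security_model=none,path={rme_stack},id=shr0')
        self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
        self.vm.add_args('-netdev', 'user,id=net0')
        self.vm.add_args('-append', 'root=/dev/vda')

        self.vm.launch()
        # Wait for host VM boot to complete.
        wait_for_console_pattern(self, 'Welcome to Buildroot')
        exec_command_and_wait_for_pattern(self, 'root', '#')

        test_realms_guest(self)


if __name__ == '__main__':
    QemuSystemTest.main()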