#!/usr/bin/env python3
#
# Functional test that boots a Realms environment on virt machine and a nested
# guest VM using it.
#
# Copyright (c) 2024 Linaro Ltd.
#
# Author: Pierrick Bouvier <pierrick.bouvier@linaro.org>
#
# SPDX-License-Identifier: GPL-2.0-or-later

import time
import os
import logging

from qemu_test import QemuSystemTest, Asset
from qemu_test import exec_command, wait_for_console_pattern
from qemu_test import exec_command_and_wait_for_pattern

def test_realms_guest(test_rme_instance):
    """Start a nested Realm guest from the host VM console and query its
    CCA attestation report.

    test_rme_instance is the running test object whose console is driven;
    it is passed unchanged to every qemu_test console helper below.
    """
    # Command line for the (nested) guest VM. It runs under KVM inside the
    # host VM and is attached to the 'rme-guest' confidential-guest object.
    # The /mnt/... paths mirror the layout of the extracted stack, so the
    # host VM image presumably mounts the 9p share on /mnt (not visible in
    # this file).
    nested_guest_cmd = ('qemu-system-aarch64 -M virt,gic-version=3 '
                        '-cpu host -enable-kvm -m 512M '
                        '-M confidential-guest-support=rme0 '
                        '-object rme-guest,id=rme0 '
                        '-device virtio-net-pci,netdev=net0,romfile= '
                        '-netdev user,id=net0 '
                        '-kernel /mnt/out/bin/Image '
                        '-initrd /mnt/out-br/images/rootfs.cpio '
                        '-serial stdio')
    exec_command(test_rme_instance, nested_guest_cmd)

    # Console milestones of the (nested) guest, in the order they must show
    # up: Realm activation first, then the end of the boot.
    boot_milestones = (
        'SMC_RMI_REALM_ACTIVATE',
        'Welcome to Buildroot',
    )
    for milestone in boot_milestones:
        wait_for_console_pattern(test_rme_instance, milestone)

    # Log in on the (nested) guest and wait for a '#' prompt.
    exec_command_and_wait_for_pattern(test_rme_instance, 'root', '#')

    # Query the (nested) guest CCA report. Only the hash-algorithm
    # identifier fields of the printed report are matched here; the token
    # signature and the measurement values themselves are not verified.
    exec_command(test_rme_instance, 'cca-workload-attestation report')
    report_fields = (
        '"cca-platform-hash-algo-id": "sha-256"',
        '"cca-realm-hash-algo-id": "sha-512"',
        '"cca-realm-public-key-hash-algo-id": "sha-256"',
    )
    for report_field in report_fields:
        wait_for_console_pattern(test_rme_instance, report_field)

class Aarch64RMEVirtMachine(QemuSystemTest):
    """Boot the prebuilt RME software stack on the 'virt' machine and run a
    Realm guest inside it."""

    # Stack is built with OP-TEE build environment from those instructions:
    # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
    # https://github.com/pbo-linaro/qemu-rme-stack
    #
    # The second argument is the expected digest of the archive (64 hex
    # digits); the firmware, kernel and rootfs booted below all come from
    # this one download, so the URL and the digest have to change together.
    # NOTE(review): the digest check itself lives in qemu_test.Asset, which
    # is not visible in this file.
    ASSET_RME_STACK_VIRT = Asset(
        ('https://fileserver.linaro.org/s/iaRsNDJp2CXHMSJ/'
         'download/rme-stack-op-tee-4.2.0-cca-v4-qemu_v8.tar.gz'),
         '1851adc232b094384d8b879b9a2cfff07ef3d6205032b85e9b3a4a9ae6b0b7ad')

    # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
    # and launching a nested VM using it.
    def test_aarch64_rme_virt(self):
        # Prerequisites: 'virt' machine, TCG and user-mode networking.
        self.set_machine('virt')
        self.require_accelerator('tcg')
        self.require_netdev('user')

        self.vm.set_console()

        # Fetch the stack archive and unpack it into the scratch area.
        archive_path = self.ASSET_RME_STACK_VIRT.fetch()
        self.archive_extract(archive_path, format="tar")

        rme_stack = self.scratch_file('rme-stack-op-tee-4.2.0-cca-v4-qemu_v8')
        kernel_image = os.path.join(rme_stack, 'out', 'bin', 'Image')
        firmware = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
        drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')

        # Host VM options, passed to add_args() one pair at a time in the
        # order listed.
        host_vm_options = (
            # 'max' CPU with the experimental RME property switched on.
            ('-cpu', 'max,x-rme=on,pauth-impdef=on'),
            ('-m', '2G'),
            ('-M', 'virt,acpi=off,'
                   'virtualization=on,'
                   'secure=on,'
                   'gic-version=3'),
            ('-bios', firmware),
            ('-kernel', kernel_image),
            ('-drive', f'format=raw,if=none,file={drive},id=hd0'),
            ('-device', 'virtio-blk-pci,drive=hd0'),
            # 9p export of the extracted stack, read by the nested guest
            # launch. Only that directory is exported; security_model=none
            # puts no ownership-mapping layer on top of it.
            ('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0'),
            ('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0'),
            ('-device', 'virtio-net-pci,netdev=net0'),
            ('-netdev', 'user,id=net0'),
            # We need to add nokaslr to avoid triggering this sporadic bug:
            # https://gitlab.com/qemu-project/qemu/-/issues/2823
            # (test-only workaround: the host VM kernel runs without KASLR)
            ('-append', 'root=/dev/vda nokaslr'),
        )
        for option, value in host_vm_options:
            self.vm.add_args(option, value)

        self.vm.launch()
        # Wait for host VM boot to complete; the failure_message string
        # ends the wait early instead of running into the timeout.
        wait_for_console_pattern(self, 'Welcome to Buildroot',
                                 failure_message='Synchronous Exception at')
        exec_command_and_wait_for_pattern(self, 'root', '#')

        # From here on the console belongs to the host VM shell: start the
        # Realm guest and check its report.
        test_realms_guest(self)

if __name__ == '__main__':
    QemuSystemTest.main()