1*f1826463SDorjoy Chowdhury /*
2*f1826463SDorjoy Chowdhury * AWS nitro-enclave machine
3*f1826463SDorjoy Chowdhury *
4*f1826463SDorjoy Chowdhury * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
5*f1826463SDorjoy Chowdhury *
6*f1826463SDorjoy Chowdhury * This work is licensed under the terms of the GNU GPL, version 2 or
7*f1826463SDorjoy Chowdhury * (at your option) any later version. See the COPYING file in the
8*f1826463SDorjoy Chowdhury * top-level directory.
9*f1826463SDorjoy Chowdhury */
10*f1826463SDorjoy Chowdhury
11*f1826463SDorjoy Chowdhury #include "qemu/osdep.h"
12*f1826463SDorjoy Chowdhury #include "qemu/error-report.h"
13*f1826463SDorjoy Chowdhury #include "qapi/error.h"
14*f1826463SDorjoy Chowdhury #include "qom/object_interfaces.h"
15*f1826463SDorjoy Chowdhury
16*f1826463SDorjoy Chowdhury #include "chardev/char.h"
17*f1826463SDorjoy Chowdhury #include "hw/sysbus.h"
18*f1826463SDorjoy Chowdhury #include "hw/core/eif.h"
19*f1826463SDorjoy Chowdhury #include "hw/i386/x86.h"
20*f1826463SDorjoy Chowdhury #include "hw/i386/microvm.h"
21*f1826463SDorjoy Chowdhury #include "hw/i386/nitro_enclave.h"
22*f1826463SDorjoy Chowdhury #include "hw/virtio/virtio-mmio.h"
23*f1826463SDorjoy Chowdhury #include "hw/virtio/virtio-nsm.h"
24*f1826463SDorjoy Chowdhury #include "hw/virtio/vhost-user-vsock.h"
25*f1826463SDorjoy Chowdhury #include "sysemu/hostmem.h"
26*f1826463SDorjoy Chowdhury
find_free_virtio_mmio_bus(void)27*f1826463SDorjoy Chowdhury static BusState *find_free_virtio_mmio_bus(void)
28*f1826463SDorjoy Chowdhury {
29*f1826463SDorjoy Chowdhury BusChild *kid;
30*f1826463SDorjoy Chowdhury BusState *bus = sysbus_get_default();
31*f1826463SDorjoy Chowdhury
32*f1826463SDorjoy Chowdhury QTAILQ_FOREACH(kid, &bus->children, sibling) {
33*f1826463SDorjoy Chowdhury DeviceState *dev = kid->child;
34*f1826463SDorjoy Chowdhury if (object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_MMIO)) {
35*f1826463SDorjoy Chowdhury VirtIOMMIOProxy *mmio = VIRTIO_MMIO(OBJECT(dev));
36*f1826463SDorjoy Chowdhury VirtioBusState *mmio_virtio_bus = &mmio->bus;
37*f1826463SDorjoy Chowdhury BusState *mmio_bus = &mmio_virtio_bus->parent_obj;
38*f1826463SDorjoy Chowdhury if (QTAILQ_EMPTY(&mmio_bus->children)) {
39*f1826463SDorjoy Chowdhury return mmio_bus;
40*f1826463SDorjoy Chowdhury }
41*f1826463SDorjoy Chowdhury }
42*f1826463SDorjoy Chowdhury }
43*f1826463SDorjoy Chowdhury
44*f1826463SDorjoy Chowdhury return NULL;
45*f1826463SDorjoy Chowdhury }
46*f1826463SDorjoy Chowdhury
vhost_user_vsock_init(NitroEnclaveMachineState * nems)47*f1826463SDorjoy Chowdhury static void vhost_user_vsock_init(NitroEnclaveMachineState *nems)
48*f1826463SDorjoy Chowdhury {
49*f1826463SDorjoy Chowdhury DeviceState *dev = qdev_new(TYPE_VHOST_USER_VSOCK);
50*f1826463SDorjoy Chowdhury VHostUserVSock *vsock = VHOST_USER_VSOCK(dev);
51*f1826463SDorjoy Chowdhury BusState *bus;
52*f1826463SDorjoy Chowdhury
53*f1826463SDorjoy Chowdhury if (!nems->vsock) {
54*f1826463SDorjoy Chowdhury error_report("A valid chardev id for vhost-user-vsock device must be "
55*f1826463SDorjoy Chowdhury "provided using the 'vsock' machine option");
56*f1826463SDorjoy Chowdhury exit(1);
57*f1826463SDorjoy Chowdhury }
58*f1826463SDorjoy Chowdhury
59*f1826463SDorjoy Chowdhury bus = find_free_virtio_mmio_bus();
60*f1826463SDorjoy Chowdhury if (!bus) {
61*f1826463SDorjoy Chowdhury error_report("Failed to find bus for vhost-user-vsock device");
62*f1826463SDorjoy Chowdhury exit(1);
63*f1826463SDorjoy Chowdhury }
64*f1826463SDorjoy Chowdhury
65*f1826463SDorjoy Chowdhury Chardev *chardev = qemu_chr_find(nems->vsock);
66*f1826463SDorjoy Chowdhury if (!chardev) {
67*f1826463SDorjoy Chowdhury error_report("Failed to find chardev with id %s", nems->vsock);
68*f1826463SDorjoy Chowdhury exit(1);
69*f1826463SDorjoy Chowdhury }
70*f1826463SDorjoy Chowdhury
71*f1826463SDorjoy Chowdhury vsock->conf.chardev.chr = chardev;
72*f1826463SDorjoy Chowdhury
73*f1826463SDorjoy Chowdhury qdev_realize_and_unref(dev, bus, &error_fatal);
74*f1826463SDorjoy Chowdhury }
75*f1826463SDorjoy Chowdhury
virtio_nsm_init(NitroEnclaveMachineState * nems)76*f1826463SDorjoy Chowdhury static void virtio_nsm_init(NitroEnclaveMachineState *nems)
77*f1826463SDorjoy Chowdhury {
78*f1826463SDorjoy Chowdhury DeviceState *dev = qdev_new(TYPE_VIRTIO_NSM);
79*f1826463SDorjoy Chowdhury VirtIONSM *vnsm = VIRTIO_NSM(dev);
80*f1826463SDorjoy Chowdhury BusState *bus = find_free_virtio_mmio_bus();
81*f1826463SDorjoy Chowdhury
82*f1826463SDorjoy Chowdhury if (!bus) {
83*f1826463SDorjoy Chowdhury error_report("Failed to find bus for virtio-nsm device.");
84*f1826463SDorjoy Chowdhury exit(1);
85*f1826463SDorjoy Chowdhury }
86*f1826463SDorjoy Chowdhury
87*f1826463SDorjoy Chowdhury qdev_prop_set_string(dev, "module-id", nems->id);
88*f1826463SDorjoy Chowdhury
89*f1826463SDorjoy Chowdhury qdev_realize_and_unref(dev, bus, &error_fatal);
90*f1826463SDorjoy Chowdhury nems->vnsm = vnsm;
91*f1826463SDorjoy Chowdhury }
92*f1826463SDorjoy Chowdhury
nitro_enclave_devices_init(NitroEnclaveMachineState * nems)93*f1826463SDorjoy Chowdhury static void nitro_enclave_devices_init(NitroEnclaveMachineState *nems)
94*f1826463SDorjoy Chowdhury {
95*f1826463SDorjoy Chowdhury vhost_user_vsock_init(nems);
96*f1826463SDorjoy Chowdhury virtio_nsm_init(nems);
97*f1826463SDorjoy Chowdhury }
98*f1826463SDorjoy Chowdhury
nitro_enclave_machine_state_init(MachineState * machine)99*f1826463SDorjoy Chowdhury static void nitro_enclave_machine_state_init(MachineState *machine)
100*f1826463SDorjoy Chowdhury {
101*f1826463SDorjoy Chowdhury NitroEnclaveMachineClass *ne_class =
102*f1826463SDorjoy Chowdhury NITRO_ENCLAVE_MACHINE_GET_CLASS(machine);
103*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *ne_state = NITRO_ENCLAVE_MACHINE(machine);
104*f1826463SDorjoy Chowdhury
105*f1826463SDorjoy Chowdhury ne_class->parent_init(machine);
106*f1826463SDorjoy Chowdhury nitro_enclave_devices_init(ne_state);
107*f1826463SDorjoy Chowdhury }
108*f1826463SDorjoy Chowdhury
nitro_enclave_machine_reset(MachineState * machine,ResetType type)109*f1826463SDorjoy Chowdhury static void nitro_enclave_machine_reset(MachineState *machine, ResetType type)
110*f1826463SDorjoy Chowdhury {
111*f1826463SDorjoy Chowdhury NitroEnclaveMachineClass *ne_class =
112*f1826463SDorjoy Chowdhury NITRO_ENCLAVE_MACHINE_GET_CLASS(machine);
113*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *ne_state = NITRO_ENCLAVE_MACHINE(machine);
114*f1826463SDorjoy Chowdhury
115*f1826463SDorjoy Chowdhury ne_class->parent_reset(machine, type);
116*f1826463SDorjoy Chowdhury
117*f1826463SDorjoy Chowdhury memset(ne_state->vnsm->pcrs, 0, sizeof(ne_state->vnsm->pcrs));
118*f1826463SDorjoy Chowdhury
119*f1826463SDorjoy Chowdhury /* PCR0 */
120*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 0, ne_state->image_sha384,
121*f1826463SDorjoy Chowdhury QCRYPTO_HASH_DIGEST_LEN_SHA384);
122*f1826463SDorjoy Chowdhury /* PCR1 */
123*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 1, ne_state->bootstrap_sha384,
124*f1826463SDorjoy Chowdhury QCRYPTO_HASH_DIGEST_LEN_SHA384);
125*f1826463SDorjoy Chowdhury /* PCR2 */
126*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 2, ne_state->app_sha384,
127*f1826463SDorjoy Chowdhury QCRYPTO_HASH_DIGEST_LEN_SHA384);
128*f1826463SDorjoy Chowdhury /* PCR3 */
129*f1826463SDorjoy Chowdhury if (ne_state->parent_role) {
130*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 3,
131*f1826463SDorjoy Chowdhury (uint8_t *) ne_state->parent_role,
132*f1826463SDorjoy Chowdhury strlen(ne_state->parent_role));
133*f1826463SDorjoy Chowdhury }
134*f1826463SDorjoy Chowdhury /* PCR4 */
135*f1826463SDorjoy Chowdhury if (ne_state->parent_id) {
136*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 4,
137*f1826463SDorjoy Chowdhury (uint8_t *) ne_state->parent_id,
138*f1826463SDorjoy Chowdhury strlen(ne_state->parent_id));
139*f1826463SDorjoy Chowdhury }
140*f1826463SDorjoy Chowdhury /* PCR8 */
141*f1826463SDorjoy Chowdhury if (ne_state->signature_found) {
142*f1826463SDorjoy Chowdhury ne_state->vnsm->extend_pcr(ne_state->vnsm, 8,
143*f1826463SDorjoy Chowdhury ne_state->fingerprint_sha384,
144*f1826463SDorjoy Chowdhury QCRYPTO_HASH_DIGEST_LEN_SHA384);
145*f1826463SDorjoy Chowdhury }
146*f1826463SDorjoy Chowdhury
147*f1826463SDorjoy Chowdhury /* First 16 PCRs are locked from boot and reserved for nitro enclave */
148*f1826463SDorjoy Chowdhury for (int i = 0; i < 16; ++i) {
149*f1826463SDorjoy Chowdhury ne_state->vnsm->lock_pcr(ne_state->vnsm, i);
150*f1826463SDorjoy Chowdhury }
151*f1826463SDorjoy Chowdhury }
152*f1826463SDorjoy Chowdhury
nitro_enclave_machine_initfn(Object * obj)153*f1826463SDorjoy Chowdhury static void nitro_enclave_machine_initfn(Object *obj)
154*f1826463SDorjoy Chowdhury {
155*f1826463SDorjoy Chowdhury MicrovmMachineState *mms = MICROVM_MACHINE(obj);
156*f1826463SDorjoy Chowdhury X86MachineState *x86ms = X86_MACHINE(obj);
157*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
158*f1826463SDorjoy Chowdhury
159*f1826463SDorjoy Chowdhury nems->id = g_strdup("i-234-enc5678");
160*f1826463SDorjoy Chowdhury
161*f1826463SDorjoy Chowdhury /* AWS nitro enclaves have PCIE and ACPI disabled */
162*f1826463SDorjoy Chowdhury mms->pcie = ON_OFF_AUTO_OFF;
163*f1826463SDorjoy Chowdhury x86ms->acpi = ON_OFF_AUTO_OFF;
164*f1826463SDorjoy Chowdhury }
165*f1826463SDorjoy Chowdhury
x86_load_eif(X86MachineState * x86ms,FWCfgState * fw_cfg,int acpi_data_size,bool pvh_enabled)166*f1826463SDorjoy Chowdhury static void x86_load_eif(X86MachineState *x86ms, FWCfgState *fw_cfg,
167*f1826463SDorjoy Chowdhury int acpi_data_size, bool pvh_enabled)
168*f1826463SDorjoy Chowdhury {
169*f1826463SDorjoy Chowdhury Error *err = NULL;
170*f1826463SDorjoy Chowdhury char *eif_kernel, *eif_initrd, *eif_cmdline;
171*f1826463SDorjoy Chowdhury MachineState *machine = MACHINE(x86ms);
172*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(x86ms);
173*f1826463SDorjoy Chowdhury
174*f1826463SDorjoy Chowdhury if (!read_eif_file(machine->kernel_filename, machine->initrd_filename,
175*f1826463SDorjoy Chowdhury &eif_kernel, &eif_initrd, &eif_cmdline,
176*f1826463SDorjoy Chowdhury nems->image_sha384, nems->bootstrap_sha384,
177*f1826463SDorjoy Chowdhury nems->app_sha384, nems->fingerprint_sha384,
178*f1826463SDorjoy Chowdhury &(nems->signature_found), &err)) {
179*f1826463SDorjoy Chowdhury error_report_err(err);
180*f1826463SDorjoy Chowdhury exit(1);
181*f1826463SDorjoy Chowdhury }
182*f1826463SDorjoy Chowdhury
183*f1826463SDorjoy Chowdhury g_free(machine->kernel_filename);
184*f1826463SDorjoy Chowdhury machine->kernel_filename = eif_kernel;
185*f1826463SDorjoy Chowdhury g_free(machine->initrd_filename);
186*f1826463SDorjoy Chowdhury machine->initrd_filename = eif_initrd;
187*f1826463SDorjoy Chowdhury
188*f1826463SDorjoy Chowdhury /*
189*f1826463SDorjoy Chowdhury * If kernel cmdline argument was provided, let's concatenate it to the
190*f1826463SDorjoy Chowdhury * extracted EIF kernel cmdline.
191*f1826463SDorjoy Chowdhury */
192*f1826463SDorjoy Chowdhury if (machine->kernel_cmdline != NULL) {
193*f1826463SDorjoy Chowdhury char *cmd = g_strdup_printf("%s %s", eif_cmdline,
194*f1826463SDorjoy Chowdhury machine->kernel_cmdline);
195*f1826463SDorjoy Chowdhury g_free(eif_cmdline);
196*f1826463SDorjoy Chowdhury g_free(machine->kernel_cmdline);
197*f1826463SDorjoy Chowdhury machine->kernel_cmdline = cmd;
198*f1826463SDorjoy Chowdhury } else {
199*f1826463SDorjoy Chowdhury machine->kernel_cmdline = eif_cmdline;
200*f1826463SDorjoy Chowdhury }
201*f1826463SDorjoy Chowdhury
202*f1826463SDorjoy Chowdhury x86_load_linux(x86ms, fw_cfg, 0, true);
203*f1826463SDorjoy Chowdhury
204*f1826463SDorjoy Chowdhury unlink(machine->kernel_filename);
205*f1826463SDorjoy Chowdhury unlink(machine->initrd_filename);
206*f1826463SDorjoy Chowdhury return;
207*f1826463SDorjoy Chowdhury }
208*f1826463SDorjoy Chowdhury
create_memfd_backend(MachineState * ms,const char * path,Error ** errp)209*f1826463SDorjoy Chowdhury static bool create_memfd_backend(MachineState *ms, const char *path,
210*f1826463SDorjoy Chowdhury Error **errp)
211*f1826463SDorjoy Chowdhury {
212*f1826463SDorjoy Chowdhury Object *obj;
213*f1826463SDorjoy Chowdhury MachineClass *mc = MACHINE_GET_CLASS(ms);
214*f1826463SDorjoy Chowdhury bool r = false;
215*f1826463SDorjoy Chowdhury
216*f1826463SDorjoy Chowdhury obj = object_new(TYPE_MEMORY_BACKEND_MEMFD);
217*f1826463SDorjoy Chowdhury if (!object_property_set_int(obj, "size", ms->ram_size, errp)) {
218*f1826463SDorjoy Chowdhury goto out;
219*f1826463SDorjoy Chowdhury }
220*f1826463SDorjoy Chowdhury object_property_add_child(object_get_objects_root(), mc->default_ram_id,
221*f1826463SDorjoy Chowdhury obj);
222*f1826463SDorjoy Chowdhury
223*f1826463SDorjoy Chowdhury if (!user_creatable_complete(USER_CREATABLE(obj), errp)) {
224*f1826463SDorjoy Chowdhury goto out;
225*f1826463SDorjoy Chowdhury }
226*f1826463SDorjoy Chowdhury r = object_property_set_link(OBJECT(ms), "memory-backend", obj, errp);
227*f1826463SDorjoy Chowdhury
228*f1826463SDorjoy Chowdhury out:
229*f1826463SDorjoy Chowdhury object_unref(obj);
230*f1826463SDorjoy Chowdhury return r;
231*f1826463SDorjoy Chowdhury }
232*f1826463SDorjoy Chowdhury
nitro_enclave_get_vsock_chardev_id(Object * obj,Error ** errp)233*f1826463SDorjoy Chowdhury static char *nitro_enclave_get_vsock_chardev_id(Object *obj, Error **errp)
234*f1826463SDorjoy Chowdhury {
235*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
236*f1826463SDorjoy Chowdhury
237*f1826463SDorjoy Chowdhury return g_strdup(nems->vsock);
238*f1826463SDorjoy Chowdhury }
239*f1826463SDorjoy Chowdhury
nitro_enclave_set_vsock_chardev_id(Object * obj,const char * value,Error ** errp)240*f1826463SDorjoy Chowdhury static void nitro_enclave_set_vsock_chardev_id(Object *obj, const char *value,
241*f1826463SDorjoy Chowdhury Error **errp)
242*f1826463SDorjoy Chowdhury {
243*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
244*f1826463SDorjoy Chowdhury
245*f1826463SDorjoy Chowdhury g_free(nems->vsock);
246*f1826463SDorjoy Chowdhury nems->vsock = g_strdup(value);
247*f1826463SDorjoy Chowdhury }
248*f1826463SDorjoy Chowdhury
nitro_enclave_get_id(Object * obj,Error ** errp)249*f1826463SDorjoy Chowdhury static char *nitro_enclave_get_id(Object *obj, Error **errp)
250*f1826463SDorjoy Chowdhury {
251*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
252*f1826463SDorjoy Chowdhury
253*f1826463SDorjoy Chowdhury return g_strdup(nems->id);
254*f1826463SDorjoy Chowdhury }
255*f1826463SDorjoy Chowdhury
nitro_enclave_set_id(Object * obj,const char * value,Error ** errp)256*f1826463SDorjoy Chowdhury static void nitro_enclave_set_id(Object *obj, const char *value,
257*f1826463SDorjoy Chowdhury Error **errp)
258*f1826463SDorjoy Chowdhury {
259*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
260*f1826463SDorjoy Chowdhury
261*f1826463SDorjoy Chowdhury g_free(nems->id);
262*f1826463SDorjoy Chowdhury nems->id = g_strdup(value);
263*f1826463SDorjoy Chowdhury }
264*f1826463SDorjoy Chowdhury
nitro_enclave_get_parent_role(Object * obj,Error ** errp)265*f1826463SDorjoy Chowdhury static char *nitro_enclave_get_parent_role(Object *obj, Error **errp)
266*f1826463SDorjoy Chowdhury {
267*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
268*f1826463SDorjoy Chowdhury
269*f1826463SDorjoy Chowdhury return g_strdup(nems->parent_role);
270*f1826463SDorjoy Chowdhury }
271*f1826463SDorjoy Chowdhury
nitro_enclave_set_parent_role(Object * obj,const char * value,Error ** errp)272*f1826463SDorjoy Chowdhury static void nitro_enclave_set_parent_role(Object *obj, const char *value,
273*f1826463SDorjoy Chowdhury Error **errp)
274*f1826463SDorjoy Chowdhury {
275*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
276*f1826463SDorjoy Chowdhury
277*f1826463SDorjoy Chowdhury g_free(nems->parent_role);
278*f1826463SDorjoy Chowdhury nems->parent_role = g_strdup(value);
279*f1826463SDorjoy Chowdhury }
280*f1826463SDorjoy Chowdhury
nitro_enclave_get_parent_id(Object * obj,Error ** errp)281*f1826463SDorjoy Chowdhury static char *nitro_enclave_get_parent_id(Object *obj, Error **errp)
282*f1826463SDorjoy Chowdhury {
283*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
284*f1826463SDorjoy Chowdhury
285*f1826463SDorjoy Chowdhury return g_strdup(nems->parent_id);
286*f1826463SDorjoy Chowdhury }
287*f1826463SDorjoy Chowdhury
nitro_enclave_set_parent_id(Object * obj,const char * value,Error ** errp)288*f1826463SDorjoy Chowdhury static void nitro_enclave_set_parent_id(Object *obj, const char *value,
289*f1826463SDorjoy Chowdhury Error **errp)
290*f1826463SDorjoy Chowdhury {
291*f1826463SDorjoy Chowdhury NitroEnclaveMachineState *nems = NITRO_ENCLAVE_MACHINE(obj);
292*f1826463SDorjoy Chowdhury
293*f1826463SDorjoy Chowdhury g_free(nems->parent_id);
294*f1826463SDorjoy Chowdhury nems->parent_id = g_strdup(value);
295*f1826463SDorjoy Chowdhury }
296*f1826463SDorjoy Chowdhury
nitro_enclave_class_init(ObjectClass * oc,void * data)297*f1826463SDorjoy Chowdhury static void nitro_enclave_class_init(ObjectClass *oc, void *data)
298*f1826463SDorjoy Chowdhury {
299*f1826463SDorjoy Chowdhury MachineClass *mc = MACHINE_CLASS(oc);
300*f1826463SDorjoy Chowdhury MicrovmMachineClass *mmc = MICROVM_MACHINE_CLASS(oc);
301*f1826463SDorjoy Chowdhury NitroEnclaveMachineClass *nemc = NITRO_ENCLAVE_MACHINE_CLASS(oc);
302*f1826463SDorjoy Chowdhury
303*f1826463SDorjoy Chowdhury mmc->x86_load_linux = x86_load_eif;
304*f1826463SDorjoy Chowdhury
305*f1826463SDorjoy Chowdhury mc->family = "nitro_enclave_i386";
306*f1826463SDorjoy Chowdhury mc->desc = "AWS Nitro Enclave";
307*f1826463SDorjoy Chowdhury
308*f1826463SDorjoy Chowdhury nemc->parent_init = mc->init;
309*f1826463SDorjoy Chowdhury mc->init = nitro_enclave_machine_state_init;
310*f1826463SDorjoy Chowdhury
311*f1826463SDorjoy Chowdhury nemc->parent_reset = mc->reset;
312*f1826463SDorjoy Chowdhury mc->reset = nitro_enclave_machine_reset;
313*f1826463SDorjoy Chowdhury
314*f1826463SDorjoy Chowdhury mc->create_default_memdev = create_memfd_backend;
315*f1826463SDorjoy Chowdhury
316*f1826463SDorjoy Chowdhury object_class_property_add_str(oc, NITRO_ENCLAVE_VSOCK_CHARDEV_ID,
317*f1826463SDorjoy Chowdhury nitro_enclave_get_vsock_chardev_id,
318*f1826463SDorjoy Chowdhury nitro_enclave_set_vsock_chardev_id);
319*f1826463SDorjoy Chowdhury object_class_property_set_description(oc, NITRO_ENCLAVE_VSOCK_CHARDEV_ID,
320*f1826463SDorjoy Chowdhury "Set chardev id for vhost-user-vsock "
321*f1826463SDorjoy Chowdhury "device");
322*f1826463SDorjoy Chowdhury
323*f1826463SDorjoy Chowdhury object_class_property_add_str(oc, NITRO_ENCLAVE_ID, nitro_enclave_get_id,
324*f1826463SDorjoy Chowdhury nitro_enclave_set_id);
325*f1826463SDorjoy Chowdhury object_class_property_set_description(oc, NITRO_ENCLAVE_ID,
326*f1826463SDorjoy Chowdhury "Set enclave identifier");
327*f1826463SDorjoy Chowdhury
328*f1826463SDorjoy Chowdhury object_class_property_add_str(oc, NITRO_ENCLAVE_PARENT_ROLE,
329*f1826463SDorjoy Chowdhury nitro_enclave_get_parent_role,
330*f1826463SDorjoy Chowdhury nitro_enclave_set_parent_role);
331*f1826463SDorjoy Chowdhury object_class_property_set_description(oc, NITRO_ENCLAVE_PARENT_ROLE,
332*f1826463SDorjoy Chowdhury "Set parent instance IAM role ARN");
333*f1826463SDorjoy Chowdhury
334*f1826463SDorjoy Chowdhury object_class_property_add_str(oc, NITRO_ENCLAVE_PARENT_ID,
335*f1826463SDorjoy Chowdhury nitro_enclave_get_parent_id,
336*f1826463SDorjoy Chowdhury nitro_enclave_set_parent_id);
337*f1826463SDorjoy Chowdhury object_class_property_set_description(oc, NITRO_ENCLAVE_PARENT_ID,
338*f1826463SDorjoy Chowdhury "Set parent instance identifier");
339*f1826463SDorjoy Chowdhury }
340*f1826463SDorjoy Chowdhury
341*f1826463SDorjoy Chowdhury static const TypeInfo nitro_enclave_machine_info = {
342*f1826463SDorjoy Chowdhury .name = TYPE_NITRO_ENCLAVE_MACHINE,
343*f1826463SDorjoy Chowdhury .parent = TYPE_MICROVM_MACHINE,
344*f1826463SDorjoy Chowdhury .instance_size = sizeof(NitroEnclaveMachineState),
345*f1826463SDorjoy Chowdhury .instance_init = nitro_enclave_machine_initfn,
346*f1826463SDorjoy Chowdhury .class_size = sizeof(NitroEnclaveMachineClass),
347*f1826463SDorjoy Chowdhury .class_init = nitro_enclave_class_init,
348*f1826463SDorjoy Chowdhury };
349*f1826463SDorjoy Chowdhury
nitro_enclave_machine_init(void)350*f1826463SDorjoy Chowdhury static void nitro_enclave_machine_init(void)
351*f1826463SDorjoy Chowdhury {
352*f1826463SDorjoy Chowdhury type_register_static(&nitro_enclave_machine_info);
353*f1826463SDorjoy Chowdhury }
354*f1826463SDorjoy Chowdhury type_init(nitro_enclave_machine_init);
355