Fix known TDX issues

2025-06-25 02:13:24 +00:00 · 2024-07-09 10:34:59 +08:00
parent d43fbd88ba
commit b73412c2ff
3 changed files with 15 additions and 14 deletions
--- a/3
+++ b/3
@ -53,6 +53,7 @@ CARGO_OSDK_ARGS += --release
 endif
 ifeq ($(INTEL_TDX), 1)
 BOOT_METHOD = grub-qcow2
 BOOT_PROTOCOL = linux-efi-handover64
 CARGO_OSDK_ARGS += --scheme tdx
 CARGO_OSDK_ARGS += --features intel_tdx
@ -77,7 +78,7 @@ CARGO_OSDK_ARGS += --grub-boot-protocol=$(BOOT_PROTOCOL)
 endif
 ifeq ($(ENABLE_KVM), 1)
-CARGO_OSDK_ARGS += --qemu-args="--enable-kvm"
+CARGO_OSDK_ARGS += --qemu-args="-accel kvm"
 endif
 # Pass make variables to all subdirectory makes
--- a/OSDK.toml
+++ b/OSDK.toml
@ -46,10 +46,8 @@ qemu.args = "$(./tools/qemu_args.sh iommu)"
 supported_archs = ["x86_64"]
 build.features = ["intel_tdx"]
 boot.method = "grub-qcow2"
 grub.mkrescue_path = "~/tdx-tools/grub"
 grub.protocol = "linux"
 qemu.args = """\
    -accel kvm \
    -name process=tdxvm,debug-threads=on \
    -m ${MEM:-8G} \
    -smp ${SMP:-1} \
@ -58,18 +56,18 @@ qemu.args = """\
    -monitor pty \
    -no-hpet \
    -nodefaults \
-    -monitor telnet:127.0.0.1:9003,server,nowait \
+    -bios /usr/share/qemu/OVMF.fd \
-    -object tdx-guest,sept-ve-disable,id=tdx,quote-generation-service=vsock:2:4050 \
+    -object tdx-guest,sept-ve-disable=on,id=tdx,quote-generation-service=vsock:2:4050 \
-    -cpu host,-kvm-steal-time,pmu=off,tsc-freq=1000000000 \
+    -cpu host,-kvm-steal-time,pmu=off \
-    -machine q35,kernel_irqchip=split,confidential-guest-support=tdx \
+    -machine q35,kernel_irqchip=split,confidential-guest-support=tdx,memory-backend=ram1 \
-    -device virtio-net-pci,netdev=mynet0,disable-legacy=on,disable-modern=off \
+    -object memory-backend-memfd-private,id=ram1,size=${MEM:-8G} \
    -device virtio-net-pci,netdev=mynet0 \
    -device virtio-keyboard-pci,disable-legacy=on,disable-modern=off \
-    -device virtio-blk-pci,bus=pcie.0,addr=0x6,drive=x0,disable-legacy=on,disable-modern=off \
+    -netdev user,id=mynet0,hostfwd=tcp::10027-:22 \
-    -drive file=fs.img,if=none,format=raw,id=x0 \
+    -chardev stdio,id=mux,mux=on,logfile=qemu.log \
    -netdev user,id=mynet0,hostfwd=tcp::10027-:22,hostfwd=tcp::54136-:8090 \
    -chardev stdio,id=mux,mux=on,logfile=./$(date '+%Y-%m-%dT%H%M%S').log \
    -device virtio-serial,romfile= \
    -device virtconsole,chardev=mux \
    -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
    -monitor chardev:mux \
    -serial chardev:mux \
 """
--- a/kernel/aster-nix/src/device/tdxguest/mod.rs
+++ b/kernel/aster-nix/src/device/tdxguest/mod.rs
@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MPL-2.0
-use aster_frame::mm::{DmaCoherent, FrameAllocOptions, HasPaddr, VmIo};
+use ostd::mm::{DmaCoherent, FrameAllocOptions, HasPaddr, VmIo};
 use tdx_guest::tdcall::{get_report, TdCallError};
 use super::*;
@ -53,6 +53,7 @@ impl From<TdCallError> for Error {
                Error::with_message(Errno::EBUSY, "TdCallError::TdxOperandBusy")
            }
            TdCallError::Other => Error::with_message(Errno::EAGAIN, "TdCallError::Other"),
            _ => todo!(),
        }
    }
 }
@ -110,6 +111,7 @@ fn handle_get_report(arg: usize) -> Result<i32> {
    dma_coherent
        .read_bytes(1024, &mut generated_report)
        .unwrap();
-    write_bytes_to_user(tdx_report_vaddr, &generated_report)?;
+    let report_slice: &[u8] = &generated_report;
    write_bytes_to_user(tdx_report_vaddr, &mut VmReader::from(report_slice))?;
    Ok(0)
 }