Re: [PATCH v5 00/43] arm64: Support for Arm CCA in KVM

[PATCH v5 00/43] arm64: Support for Arm CCA in KVM · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 01/43] KVM: Prepare for handling only shared mappings in mmu_notifier events · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 02/43] kvm: arm64: pgtable: Track the number of pages in the entry level · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 02/43] kvm: arm64: pgtable: Track the number of pages in the entry level · Gavin Shan <hidden> · 2024-10-23
Re: [PATCH v5 02/43] kvm: arm64: pgtable: Track the number of pages in the entry level · Steven Price <steven.price@arm.com> · 2024-10-23
[PATCH v5 03/43] kvm: arm64: Include kvm_emulate.h in kvm/arm_psci.h · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 04/43] arm64: RME: Handle Granule Protection Faults (GPFs) · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 04/43] arm64: RME: Handle Granule Protection Faults (GPFs) · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-24
Re: [PATCH v5 04/43] arm64: RME: Handle Granule Protection Faults (GPFs) · Steven Price <steven.price@arm.com> · 2024-10-25
[PATCH v5 05/43] arm64: RME: Add SMC definitions for calling the RMM · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 05/43] arm64: RME: Add SMC definitions for calling the RMM · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-07
Re: [PATCH v5 05/43] arm64: RME: Add SMC definitions for calling the RMM · Gavin Shan <hidden> · 2024-10-25
Re: [PATCH v5 05/43] arm64: RME: Add SMC definitions for calling the RMM · Steven Price <steven.price@arm.com> · 2024-10-25
[PATCH v5 06/43] arm64: RME: Add wrappers for RMI calls · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 06/43] arm64: RME: Add wrappers for RMI calls · Gavin Shan <hidden> · 2024-10-25
Re: [PATCH v5 06/43] arm64: RME: Add wrappers for RMI calls · Steven Price <steven.price@arm.com> · 2024-10-25
[PATCH v5 07/43] arm64: RME: Check for RME support at KVM init · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 07/43] arm64: RME: Check for RME support at KVM init · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-07
[PATCH v5 08/43] arm64: RME: Define the user ABI · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 09/43] arm64: RME: ioctls to create and configure realms · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 09/43] arm64: RME: ioctls to create and configure realms · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-08
Re: [PATCH v5 09/43] arm64: RME: ioctls to create and configure realms · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-30
Re: [PATCH v5 09/43] arm64: RME: ioctls to create and configure realms · Steven Price <steven.price@arm.com> · 2024-11-01
[PATCH v5 10/43] kvm: arm64: Expose debug HW register numbers for Realm · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 11/43] arm64: kvm: Allow passing machine type in KVM creation · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 12/43] arm64: RME: Keep a spare page delegated to the RMM · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 13/43] arm64: RME: RTT tear down · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 13/43] arm64: RME: RTT tear down · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-15
Re: [PATCH v5 13/43] arm64: RME: RTT tear down · Steven Price <steven.price@arm.com> · 2024-11-01
[PATCH v5 14/43] arm64: RME: Allocate/free RECs to match vCPUs · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 14/43] arm64: RME: Allocate/free RECs to match vCPUs · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-15
[PATCH v5 15/43] arm64: RME: Support for the VGIC in realms · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 15/43] arm64: RME: Support for the VGIC in realms · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-15
[PATCH v5 16/43] KVM: arm64: Support timers in realm RECs · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 17/43] arm64: RME: Allow VMM to set RIPAS · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 17/43] arm64: RME: Allow VMM to set RIPAS · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-16
Re: [PATCH v5 17/43] arm64: RME: Allow VMM to set RIPAS · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-30
[PATCH v5 18/43] arm64: RME: Handle realm enter/exit · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 18/43] arm64: RME: Handle realm enter/exit · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-17
Re: [PATCH v5 18/43] arm64: RME: Handle realm enter/exit · Steven Price <steven.price@arm.com> · 2024-11-29
Re: [PATCH v5 18/43] arm64: RME: Handle realm enter/exit · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-11-29
Re: [PATCH v5 18/43] arm64: RME: Handle realm enter/exit · Steven Price <steven.price@arm.com> · 2024-11-29
[PATCH v5 19/43] KVM: arm64: Handle realm MMIO emulation · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 19/43] KVM: arm64: Handle realm MMIO emulation · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-07
Re: [PATCH v5 19/43] KVM: arm64: Handle realm MMIO emulation · Steven Price <steven.price@arm.com> · 2024-10-07
Re: [PATCH v5 19/43] KVM: arm64: Handle realm MMIO emulation · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-17
[PATCH v5 20/43] arm64: RME: Allow populating initial contents · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 21/43] arm64: RME: Runtime faulting of memory · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 21/43] arm64: RME: Runtime faulting of memory · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-22
Re: [PATCH v5 21/43] arm64: RME: Runtime faulting of memory · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-23
Re: [PATCH v5 21/43] arm64: RME: Runtime faulting of memory · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-24
Re: [PATCH v5 21/43] arm64: RME: Runtime faulting of memory · Aneesh Kumar K.V <aneesh.kumar@kernel.org> · 2024-10-24
[PATCH v5 22/43] KVM: arm64: Handle realm VCPU load · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 23/43] KVM: arm64: Validate register access for a Realm VM · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 23/43] KVM: arm64: Validate register access for a Realm VM · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-17
[PATCH v5 24/43] KVM: arm64: Handle Realm PSCI requests · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 25/43] KVM: arm64: WARN on injected undef exceptions · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 26/43] arm64: Don't expose stolen time for realm guests · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 26/43] arm64: Don't expose stolen time for realm guests · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-18
[PATCH v5 27/43] arm64: rme: allow userspace to inject aborts · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 28/43] arm64: rme: support RSI_HOST_CALL · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 29/43] arm64: rme: Allow checking SVE on VM instance · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 30/43] arm64: RME: Always use 4k pages for realms · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 31/43] arm64: rme: Prevent Device mappings for Realms · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 31/43] arm64: rme: Prevent Device mappings for Realms · Suzuki K Poulose <suzuki.poulose@arm.com> · 2024-10-18
[PATCH v5 32/43] arm_pmu: Provide a mechanism for disabling the physical IRQ · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 33/43] arm64: rme: Enable PMU support with a realm guest · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 34/43] kvm: rme: Hide KVM_CAP_READONLY_MEM for realm guests · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 35/43] arm64: RME: Propagate number of breakpoints and watchpoints to userspace · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 36/43] arm64: RME: Set breakpoint parameters through SET_ONE_REG · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 37/43] arm64: RME: Initialize PMCR.N with number counter supported by RMM · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 38/43] arm64: RME: Propagate max SVE vector length from RMM · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 39/43] arm64: RME: Configure max SVE vector length for a Realm · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 40/43] arm64: RME: Provide register list for unfinalized RME RECs · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 41/43] arm64: RME: Provide accurate register list · Steven Price <steven.price@arm.com> · 2024-10-04
[PATCH v5 42/43] arm64: kvm: Expose support for private memory · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 42/43] arm64: kvm: Expose support for private memory · kernel test robot <hidden> · 2024-10-09
[PATCH v5 43/43] KVM: arm64: Allow activating realms · Steven Price <steven.price@arm.com> · 2024-10-04
Re: [PATCH v5 00/43] arm64: Support for Arm CCA in KVM · Itaru Kitayama <hidden> · 2024-12-02
Re: [PATCH v5 00/43] arm64: Support for Arm CCA in KVM · Steven Price <steven.price@arm.com> · 2024-12-02
Re: [PATCH v5 00/43] arm64: Support for Arm CCA in KVM · Jean-Philippe Brucker <hidden> · 2024-12-02
Re: [PATCH v5 00/43] arm64: Support for Arm CCA in KVM · Itaru Kitayama <hidden> · 2024-12-02

From: Steven Price <steven.price@arm.com>
Date: 2024-12-02 08:54:18
Also in: kvm, kvmarm, linux-coco, lkml

Hi Itaru,

On 02/12/2024 05:10, Itaru Kitayama wrote:

On Fri, Oct 04, 2024 at 04:27:21PM +0100, Steven Price wrote:

quoted

This series adds support for running protected VMs using KVM under the
Arm Confidential Compute Architecture (CCA).

...

On FVP, the v5+v7 kernel is unable to execute virt-manager:

Starting install...
Allocating 'test9.qcow2'                                    |    0 B  00:00 ...
Removing disk 'test9.qcow2'                                 |    0 B  00:00
ERROR    internal error: process exited while connecting to monitor: 2024-12-04T18:56:11.646168Z qemu-system-aarch64: -accel kvm: ioctl(KVM_CREATE_VM) failed: Invalid argument
2024-12-04T18:56:11.646520Z qemu-system-aarch64: -accel kvm: failed to initialize kvm: Invalid argument
Domain installation does not appear to have been successful.

Can you check that the kernel has detected the RMM being available, you
should have a message like below when the host kernel is booting:

kvm [1]: RMI ABI version 1.0

My guess is that you've got mismatched versions of the RMM and TF-A. The
interface between those two components isn't stable and there were
breaking changes fairly recently. And obviously if the RMM hasn't
initialised successfully then confidential VMs won't be available.

Below is my virt-manager options:

virt-install --machine=virt --arch=aarch64 --name=test9 --memory=2048 --vcpu=1 --nographic --check all=off --features acpi=off --virt-type kvm --boot kernel=Image-cca,initrd=rootfs.cpio,kernel_args='earlycon console=ttyAMA0 rdinit=/sbin/init rw root=/dev/vda acpi=off' --qemu-commandline='-M virt,confidential-guest-support=rme0,gic-version=3 -cpu host -object rme-guest,id=rme0 -nodefaults' --disk size=4 --import --osinfo detect=on,require=off

Userland is Ubuntu 24.10, the VMM is Linaro's cca/2024-11-20:

https://git.codelinaro.org/linaro/dcap/qemu/-/tree/cca/2024-11-20?ref_type=heads

I don't think this is the latest QEMU tree, Jean-Philippe posted an
update last week:

https://lore.kernel.org/qemu-devel/20241125195626.856992-2-jean-philippe@linaro.org/ (local)

I'm not sure if there were any important updates there, but there are
detailed instructions that might help.

Regards,
Steve

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help