| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | .gitignore | 2 |
| -rw-r--r-- | README | 63 |
| -rw-r--r-- | README.md | 204 |
| -rwxr-xr-x | build.sh | 121 |
| -rwxr-xr-x | distros/common.sh | 89 |
| -rwxr-xr-x | distros/fedora-28/build.sh | 15 |
| -rwxr-xr-x | distros/launch-qemu.sh (renamed from launch-qemu.sh) | 123 |
| -rwxr-xr-x | distros/sles-15/build.sh | 12 |
| -rw-r--r-- | distros/stable-commits (renamed from stable-commits) | 6 |
| -rwxr-xr-x | distros/ubuntu-18.04/build.sh | 21 |
10 files changed, 365 insertions, 291 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e38d780 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +distros/ubuntu-18.04/src +distros/fedora-28/src 
@@ -1,63 +0,0 @@ -The repository contains the script to build the various components required to -enable the SEV support on AMD Eypc Processor. - -Prepare Hypervisor: -=================== -Follow the below steps to prepare the host OS (hypervisor) for SEV support: - -# cd /home/user/ -# git clone --single-branch -b master https://github.com/AMDESE/AMDSEV.git -# cd AMDSEV -# ./build.sh (this should take a while) - -The script is designed to produce a kernel deb packages. Install the new kernel -image as shown below: - -# cd /home/user/AMDSEV/output/kvm -# sudo dpkg -i linux-image-*.deb - -Reboot the host OS and select the newly built kernel image from the grub menu. - -On successful boot, verify that /dev/sev device is created. - -Prepare guest OS -================= -1) Download ubuntu iso image - -2) Install Ubuntu image - -# cd /home/user/AMDSEV/output/qemu-output -# qemu-img create -f qcow2 ubuntu-img.qcow2 30G (create empty qcow2 file) -# sudo ./launch-qemu.sh -hda ubuntu-img.qcow2 -nosev -cdrom <your_iso_image> -vnc 1 - -The installer GUI can be accessed via vnc port 1. Follow the installation screen -to complete the installation and reboot the guest with newly installed image. - -3) Install SEV aware guest kernel image - -SEV aware guest kernel deb packages is available in /home/user/AMDSEV/output/kvm -directory. 
- -a) Boot the guest image -# cd /home/user/AMDSEV/output/qemu-output -# sudo ./launch-qemu.sh -hda ubuntu-img.qcow2 -nosev -vnc 1 - -b) copy the SEV aware guest kernel deb packges from host to guest (hint use scp) - -c) install the kernel image -# sudo dpkg -i linux-image*.deb - -d) reboot the guest and verify - -NOTE: -To boot ubuntu using serial console follow the below recommendation: -https://askubuntu.com/questions/924913/how-to-get-to-the-grub-menu-at-boot-time-using-serial-console - -Launching SEV Guest -=================== -To launch SEV enabled guest, use: - -# cd /home/user/AMDSEV/output/qemu-output -# sudo ./launch-qemu.sh -hda <your disk image> - -NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest diff --git a/README.md b/README.md new file mode 100644 index 0000000..91c60e4 --- /dev/null +++ b/README.md 
@@ -0,0 +1,204 @@ +# Secure Encrypted Virtualization (SEV) + +SEV is an extension to the AMD-V architecture which supports running encrypted +virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages +(code and data) secured such that only the guest itself has access to the +unencrypted version. Each encrypted VM is associated with a unique encryption +key; if its data is accessed to a different entity using a different key the +encrypted guests data will be incorrectly decrypted, leading to unintelligible +data. + +## Getting Started + +SEV support has been accepted in upstream projects. This repository provides +scripts to build various components to enable SEV support until the distros +pick the newer version of components. + +To enable the SEV support we need the following versions: +kernel >= 4.16 +qemu >= 2.15 +libvirt >= 4.5 +ovmf >= commit (75b7aa9528bd 2018-07-06 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Restore C-bit when SEV is active) + +NOTES: + +1. Installing newer libvirt may conflict with existing setups hence script does + not install the newer version of libvirt. If you are interested in launching + SEV guest through the virsh commands then build and install libvirt 4.5 or + higher. Use LaunchSecurity tag https://libvirt.org/formatdomain.html#sev for + creating the SEV enabled guest. + +2. SEV support is not available in SeaBIOS. Guest must use OVMF. + + +## SLES-15 + +SUSE Linux Enterprise Server 15 GA includes the SEV support; we do not need +to compile the sources. + +NOTE: SLES-15 does not contain the updated libvirt packages yet hence we will +use QEMU command line interface to launch VMs. + +### Prepare Host OS + +SEV is not enabled by default, lets enable it through kernel command line: + +Append the following in /etc/defaults/grub + +``` +GRUB_CMDLINE_LINUX_DEFAULT=".... 
mem_encrypt=on kvm_amd.sev=1" +``` + +Regenerate grub.cfg and reboot the host + +``` +# grub2-mkconfig -o /boot/efi/EFI/sles/grub.cfg +# reboot +``` + +Install the qemu launch script + +``` +# cd distros/sles-15 +# ./build.sh +``` + +### Prepare VM image + +Create empty virtual disk image + +``` +# qemu-img create -f qcow2 sles-15.qcow2 30G +``` + +Create a new copy of OVMF_VARS.fd. The OVMF_VARS.fd is a "template" used +to emulate persistent NVRAM storage. Each VM needs a private, writable +copy of VARS.fd. + +``` +#cp /usr/share/qemu/ovmf-x86_64-suse-4m-vars.bin OVMF_VARS.fd +``` + +Download and install sles-15 guest + +``` +# launch-qemu.sh -hda sles-15.qcow2 -cdrom SLE-15-Installer-DVD-x86_64-GM-DVD1.iso +``` +Follow the screen to complete the guest installation. + +### Launch VM + +Use the following command to launch SEV guest + +``` +# launch-qemu.sh -hda sles-15.qcow2 +``` +NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest + +## Fedora-28 + +Fedora-28 includes newer kernel and ovmf packages but has older version qemu. + +### Prepare Host OS + +SEV is not enabled by default, lets enable it through kernel command line: + +Append the following in /etc/defaults/grub + +``` +GRUB_CMDLINE_LINUX_DEFAULT=".... mem_encrypt=on kvm_amd.sev=1" +``` + +Regenerate grub.cfg and reboot the host + +``` +# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg +# reboot +``` + +Build and install newer qemu + +``` +# cd distros/fedora-28 +# ./build.sh +``` + +### Prepare VM image + +Create empty virtual disk image + +``` +# qemu-img create -f qcow2 fedora-28.qcow2 30G +``` + +Create a new copy of OVMF_VARS.fd. The OVMF_VARS.fd is a "template" used +to emulate persistent NVRAM storage. Each VM needs a private, writable +copy of VARS.fd. 
+ +``` +# cp /usr/share/OVMF/OVMF_VARS.fd OVMF_VARS.fd +``` + +Download and install fedora-28 guest + +``` +# launch-qemu.sh -hda fedora-28.qcow2 -cdrom Fedora-Workstation-netinst-x86_64-28-1.1.iso +``` +Follow the screen to complete the guest installation. + +### Launch VM + +Use the following command to launch SEV guest + +``` +# launch-qemu.sh -hda fedora-28.qcow2 +``` + +NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest + + +## Ubuntu 18.04 + +Ubuntu 18.04 does not includes the newer version of components to be used as SEV +hypervisor hence we will build and install newer kernel, qemu, ovmf. + +### Prepare Host OS + +Build and install newer components + +``` +# cd distros/ubuntu-18.04 +# ./build.sh +``` + +### Prepare VM image + +Create empty virtual disk image + +``` +# qemu-img create -f qcow2 ubuntu-18.04.qcow2 30G +``` + +Create a new copy of OVMF_VARS.fd. The OVMF_VARS.fd is a "template" used +to emulate persistent NVRAM storage. Each VM needs a private, writable +copy of VARS.fd. + +``` +# cp /usr/local/share/qemu/OVMF_VARS.fd OVMF_VARS.fd +``` + +Install ubuntu-18.04 guest + +``` +# launch-qemu.sh -hda ubuntu-18.04.qcow2 -cdrom ubuntu-18.04-desktop-amd64.iso +``` +Follow the screen to complete the guest installation. + +### Launch VM + +Use the following command to launch SEV guest + +``` +# launch-qemu.sh -hda ubuntu-18.04.qcow2 +``` +NOTE: when guest is booting, CTRL-C is mapped to CTRL-], use CTRL-] to stop the guest diff --git a/build.sh b/build.sh deleted file mode 100755 index 8099fc1..0000000 --- a/build.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash - -. ./stable-commits - -BUILD_DIR=`pwd`/src -OUTPUT_DIR=`pwd`/output -NUM_OF_CORES=`grep -c ^processor /proc/cpuinfo` - -run_cmd() -{ - echo "$*" - - $* - if [ $? -ne 0 ]; then - echo "ERROR: $*" - exit 1 - fi -} - -fetch_kernel() -{ - run_cmd "mkdir -p ${BUILD_DIR}/$1" - run_cmd "git clone --single-branch -b ${KERNEL_COMMIT} ${KERNEL_GIT_URL} ${BUILD_DIR}/$1" -} - -build_kernel() -{ - if [ ! -d $BUILD_DIR/$1 ]; then - fetch_kernel "$1" - fi - run_cmd "cd $BUILD_DIR/$1" - run_cmd "cp /boot/config-$(uname -r) .config" - sed -ie s/CONFIG_LOCALVERSION.*/CONFIG_LOCALVERSION=\"\"/g .config - ./scripts/config --enable CONFIG_AMD_MEM_ENCRYPT - ./scripts/config --enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT - ./scripts/config --enable CONFIG_KVM_AMD_SEV - ./scripts/config --disable CONFIG_DEBUG_INFO - ./scripts/config --enable CRYPTO_DEV_SP_PSP - ./scripts/config --module CRYPTO_DEV_CCP_DD - ./scripts/config --enable CONFIG_CRYPTO_DEV_CCP - ./scripts/config --disable CONFIG_LOCALVERSION_AUTO - yes "" | make olddefconfig - - if [ "$2" = "rpm" ]; then - echo "%_topdir `pwd`/rpmbuild" > $HOME/.rpmmacros - fi - run_cmd "make -j `getconf _NPROCESSORS_ONLN` $2-pkg LOCALVERSION=-sev" - run_cmd "mkdir -p $OUTPUT_DIR/$1" - if [ "$2" = "rpm" ]; then - run_cmd "mv `pwd`/rpmbuild/RPMS/* $OUTPUT_DIR/$1" - run_cmd "rm -rf `pwd`/rpmbuild" - run_cmd "rm -rf $HOME/.rpmmacros" - else - run_cmd "mv ../linux-*sev*.deb $OUTPUT_DIR/$1" - fi -} - -fetch_ovmf() -{ - run_cmd "mkdir -p ${BUILD_DIR}/edk2" - run_cmd "git clone ${EDK2_GIT_URL} ${BUILD_DIR}/edk2" - cd ${BUILD_DIR}/edk2 -} - -build_ovmf() -{ - if [ ! -d $BUILD_DIR/edk2 ]; then - fetch_ovmf - fi - cd $BUILD_DIR/edk2 - run_cmd "make -C BaseTools" - . 
./edksetup.sh - run_cmd "nice build --cmd-len=64436 \ - -DDEBUG_ON_SERIAL_PORT=TRUE \ - -n $(getconf _NPROCESSORS_ONLN) \ - -a X64 \ - -a IA32 \ - -t GCC5 \ - -p OvmfPkg/OvmfPkgIa32X64.dsc" - run_cmd "mkdir -p $OUTPUT_DIR/qemu-output/share/qemu" - run_cmd "cp Build/Ovmf3264/DEBUG_GCC5/FV/OVMF_CODE.fd $OUTPUT_DIR/qemu-output/share/qemu" - run_cmd "cp Build/Ovmf3264/DEBUG_GCC5/FV/OVMF_VARS.fd $OUTPUT_DIR/qemu-output/" -} - -fetch_qemu() -{ - run_cmd "mkdir -p ${BUILD_DIR}/qemu" - run_cmd "git clone --single-branch -b ${QEMU_COMMIT} ${QEMU_GIT_URL} ${BUILD_DIR}/qemu" - cd ${BUILD_DIR}/qemu -} - -build_qemu() -{ - if [ ! -d $BUILD_DIR/qemu ]; then - fetch_qemu - fi - cd $BUILD_DIR/qemu - run_cmd "./configure --target-list=x86_64-softmmu --enable-trace-backend=log\ - --prefix=$OUTPUT_DIR/qemu-output" - run_cmd "make -j$(getconf _NPROCESSORS_ONLN)" - run_cmd "make -j$(getconf _NPROCESSORS_ONLN) install" - run_cmd "cp $BUILD_DIR/../launch-qemu.sh $OUTPUT_DIR/qemu-output" -} - -dep_install () -{ - # install the build dependencies - run_cmd "sudo apt-get -y install git build-essential zlib1g-dev libglib2.0-dev libpixman-1-dev uuid-dev nasm bison acpica-tools libncurses5-dev libssl-dev fakeroot dpkg-dev bc libelf-dev" -} - -grep ubuntu /etc/*-release* >/dev/null -if [ $? -eq 0 ]; then - dep_install - pkg="deb" -else - pkg="rpm" -fi - -build_kernel "linux" "$pkg" -build_qemu -build_ovmf diff --git a/distros/common.sh b/distros/common.sh new file mode 100755 index 0000000..7b0d539 --- /dev/null +++ b/distros/common.sh 
@@ -0,0 +1,89 @@ +#!/bin/bash + +. ../stable-commits + +BUILD_DIR=`pwd`/src +NUM_OF_CORES=`grep -c ^processor /proc/cpuinfo` + +run_cmd() +{ + echo "$*" + + $* + if [ $? -ne 0 ]; then + echo "ERROR: $*" + exit 1 + fi +} + +build_kernel() +{ + if [ ! -d $BUILD_DIR/linux ]; then + run_cmd "mkdir -p ${BUILD_DIR}/linux" + run_cmd "git clone --single-branch -b ${KERNEL_COMMIT} ${KERNEL_GIT_URL} ${BUILD_DIR}/linux" + fi + + pushd $BUILD_DIR/linux + run_cmd "cp /boot/config-$(uname -r) .config" + ./scripts/config --enable CONFIG_AMD_MEM_ENCRYPT + ./scripts/config --enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT + ./scripts/config --enable CONFIG_KVM_AMD_SEV + ./scripts/config --disable CONFIG_DEBUG_INFO + ./scripts/config --enable CRYPTO_DEV_SP_PSP + ./scripts/config --module CRYPTO_DEV_CCP_DD + ./scripts/config --enable CONFIG_CRYPTO_DEV_CCP + ./scripts/config --disable CONFIG_LOCALVERSION_AUTO + yes "" | make olddefconfig + + run_cmd "make -j `getconf _NPROCESSORS_ONLN` bindeb-pkg LOCALVERSION=-sev" + popd +} + +install_kernel() +{ + pushd $BUILD_DIR + run_cmd "dpkg -i *.deb" + popd +} + +build_install_ovmf() +{ + if [ ! -d $BUILD_DIR/edk2 ]; then + run_cmd "mkdir -p ${BUILD_DIR}/edk2" + run_cmd "git clone ${EDK2_GIT_URL} ${BUILD_DIR}/edk2" + pushd $BUILD_DIR/edk2 + run_cmd "git submodule update --init --recursive" + popd + fi + + pushd $BUILD_DIR/edk2 + #run_cmd "make -C BaseTools" + . ./edksetup.sh --reconfig + run_cmd "nice build --cmd-len=64436 \ + -DDEBUG_ON_SERIAL_PORT=TRUE \ + -n $(getconf _NPROCESSORS_ONLN) \ + -a X64 \ + -a IA32 \ + -t GCC5 \ + -DSMM_REQUIRE \ + -DSECURE_BOOT_ENABLE=TRUE \ + -p OvmfPkg/OvmfPkgIa32X64.dsc" + run_cmd "mkdir -p /usr/local/share/qemu" + run_cmd "cp Build/Ovmf3264/DEBUG_GCC5/FV/OVMF_CODE.fd $*" + run_cmd "cp Build/Ovmf3264/DEBUG_GCC5/FV/OVMF_VARS.fd $*" + popd +} + +build_install_qemu() +{ + if [ ! 
-d $BUILD_DIR/qemu ]; then + run_cmd "mkdir -p ${BUILD_DIR}/qemu" + run_cmd "git clone --single-branch -b ${QEMU_COMMIT} ${QEMU_GIT_URL} ${BUILD_DIR}/qemu" + fi + + pushd $BUILD_DIR/qemu + run_cmd "./configure --target-list=x86_64-softmmu --prefix=$*" + run_cmd "make -j$(getconf _NPROCESSORS_ONLN)" + run_cmd "make -j$(getconf _NPROCESSORS_ONLN) install" + popd +} diff --git a/distros/fedora-28/build.sh b/distros/fedora-28/build.sh new file mode 100755 index 0000000..15e6481 --- /dev/null +++ b/distros/fedora-28/build.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +. ../common.sh + +# install qemu and libvirt build depends +run_cmd "yum install yum-utils" +run_cmd "yum-builddep qemu" + +# build and install QEMU 2.12 +build_qemu "/usr/local" + +run_cmd "cp ../launch-qemu.sh /usr/local/bin" + +# fix path to pick rebuild BIOS +sed -i 's|UEFI_BIOS_CODE="/usr/local/share/qemu/OVMF_CODE.fd"|UEFI_BIOS_CODE=/usr/share/qemu//usr/share/OVMF/OVMF_CODE.secboot.fd|' /usr/local/bin/launch-qemu.sh diff --git a/launch-qemu.sh b/distros/launch-qemu.sh index 5174365..ad679ad 100755 --- a/launch-qemu.sh +++ b/distros/launch-qemu.sh @@ -3,18 +3,16 @@ # # user changeable parameters # -HDA_FILE="${HOME}/ubuntu-16.04-desktop.qcow2" -GUEST_SIZE_IN_MB="2048" +HDA_FILE="${HOME}/ubuntu-18.04-desktop.qcow2" +GUEST_SIZE_IN_MB="4096" SEV_GUEST="1" SMP_NCPUS="4" -CONSOLE="serial" -QEMU_INSTALL_DIR=`pwd`/bin/ -UEFI_BIOS_CODE="`pwd`/share/qemu/OVMF_CODE.fd" -UEFI_BIOS_VARS="`pwd`/OVMF_VARS.fd" +CONSOLE="qxl" +QEMU_INSTALL_DIR=/usr/local/bin/ +UEFI_BIOS_CODE="/usr/local/share/qemu/OVMF_CODE.fd" +UEFI_BIOS_VARS="OVMF_VARS.fd" #VNC_PORT="" -AUTOSTART="1" -ALLOW_DEBUG="0" -USE_VIRTIO="0" +USE_VIRTIO="1" usage() { echo "$0 [options]" 
@@ -23,15 +21,12 @@ usage() { echo " -nosev disable sev support" echo " -mem guest memory" echo " -smp number of cpus" - echo " -console display console to use (serial or graphics)" + echo " -console display console to use (serial or gxl)" echo " -vnc VNC port to use" echo " -bios bios to use (default $UEFI_BIOS_CODE)" echo " -kernel kernel to use" echo " -initrd initrd to use" - echo " -noauto do not autostart the guest" echo " -cdrom CDROM image" - echo " -hugetlb use hugetlbfs" - echo " -allow-debug allow debugging the VM" echo " -virtio use virtio devices" echo " -gdb start gdbserver" exit 1 @@ -41,22 +36,6 @@ add_opts() { echo -n "$* " >> ${QEMU_CMDLINE} } -stop_network() { - if [ "$GUEST_TAP_NAME" = "" ]; then - return - fi - run_cmd "ip tuntap del ${GUEST_TAP_NAME} mode tap" -} - -exit_from_int() { - stop_network - - rm -rf ${QEMU_CMDLINE} - # restore the mapping - stty intr ^c - exit 1 -} - run_cmd () { $* if [ $? -ne 0 ]; then 
@@ -65,48 +44,6 @@ run_cmd () { fi } -setup_hugetlbfs() { - HUGETLBFS=`mount | grep hugetlbfs | awk {'print $3'}` - if [ "${HUGETLBFS}" = "" ]; then - HUGETLBFS="/hugetlbfs" - run_cmd "mkdir -p $HUGETLBFS" - echo "Mounting $HUGETLBFS..." - run_cmd "mount -t hugetlbfs nodev $HUGETLBFS" - fi - # calculate number of hugepage we need for the guest - HPAGES=$((($GUEST_SIZE_IN_MB / 2) + 50)) - echo -n "Setting hugepage count " - echo $HPAGES | sudo tee /proc/sys/vm/nr_hugepages - - add_opts "-mem-path ${HUGETLBFS}" -} - -setup_bridge_network() { - # Get last tap device on host - TAP_NUM=`ifconfig | grep tap | tail -1 | cut -c4- | cut -f1 -d ' ' | cut -f1 -d:` - if [ "$TAP_NUM" = "" ]; then - TAP_NUM="1" - fi - TAP_NUM=`echo $(( TAP_NUM + 1 ))` - GUEST_TAP_NAME="tap${TAP_NUM}" - GUEST_MAC_ADDR=$(printf '00:60:2F:%02X:%02X:%02X\n' $[RANDOM%256] $[RANDOM%256] $[RANDOM%256]) - - echo "Starting network adapter '${GUEST_TAP_NAME}' MAC=$GUEST_MAC_ADDR" - run_cmd "ip tuntap add $GUEST_TAP_NAME mode tap user `whoami`" - run_cmd "ip link set $GUEST_TAP_NAME up" - run_cmd "ip link set $GUEST_TAP_NAME master br0" - - if [ "$USE_VIRTIO" = "1" ]; then - add_opts "-netdev type=tap,script=no,downscript=no,id=net0,ifname=$GUEST_TAP_NAME" - add_opts "-device virtio-net-pci,netdev=net0,disable-legacy=on,iommu_platform=true,romfile=" - else - add_opts "-device e1000,mac=${GUEST_MAC_ADDR},netdev=net0" - add_opts "-netdev tap,id=net0,ifname=$GUEST_TAP_NAME,script=no,downscript=no" - fi -} - -trap exit_from_int SIGINT - if [ `id -u` -ne 0 ]; then echo "Must be run as root!" exit 1 @@ -149,12 +86,6 @@ while [[ $1 != "" ]]; do -cdrom) CDROM_FILE=$2 shift ;; - -noauto) AUTOSTART="0" - ;; - -hugetlb) USE_HUGETLBFS="1" - ;; - -allow-debug) ALLOW_DEBUG="1" - ;; -virtio) USE_VIRTIO="1" ;; -gdb) USE_GDB="1" 
@@ -171,7 +102,7 @@ rm -rf ${QEMU_CMDLINE} add_opts "${QEMU_INSTALL_DIR}qemu-system-x86_64" # Basic virtual machine property -add_opts "-enable-kvm -cpu EPYC" +add_opts "-enable-kvm -cpu EPYC -machine q35" # add number of VCPUs [ ! -z ${SMP_NCPUS} ] && add_opts "-smp ${SMP_NCPUS},maxcpus=64" @@ -186,7 +117,9 @@ add_opts "-drive if=pflash,format=raw,unit=0,file=${UEFI_BIOS_CODE},readonly" add_opts "-drive if=pflash,format=raw,unit=1,file=${UEFI_BIOS_VARS}" # add CDROM if specified -[ ! -z ${CDROM_FILE} ] && add_opts "-drive file=${CDROM_FILE},media=cdrom,index=0" +[ ! -z ${CDROM_FILE} ] && add_opts "-drive file=${CDROM_FILE},media=cdrom -boot d" + +add_opts "-netdev user,id=vmnic -device e1000,netdev=vmnic" # If harddisk file is specified then add the HDD drive if [ ! -z ${HDA_FILE} ]; then @@ -198,8 +131,6 @@ if [ ! -z ${HDA_FILE} ]; then fi add_opts "-device virtio-scsi-pci,id=scsi,disable-legacy=on,iommu_platform=true" add_opts "-device scsi-hd,drive=disk0" - # virtio-blk - # add_opts "-device virtio-blk-pci,drive=disk0,disable-legacy=on,iommu_platform=true" else if [[ ${HDA_FILE} = *"qcow2" ]]; then add_opts "-drive file=${HDA_FILE},format=qcow2" @@ -211,19 +142,15 @@ fi # If this is SEV guest then add the encryption device objects to enable support if [ ${SEV_GUEST} = "1" ]; then - if [ "${ALLOW_DEBUG}" = "1" ]; then - SEV_DEBUG_POLICY=",policy=0x0" - fi - add_opts "-object sev-guest,id=sev0${SEV_DEBUG_POLICY},cbitpos=47,reduced-phys-bits=1" + add_opts "-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1" add_opts "-machine memory-encryption=sev0" fi -# if we are asked to use hugetlbfs -[ ! -z ${USE_HUGETLBFS} ] && setup_hugetlbfs - # if console is serial then disable graphical interface if [ "${CONSOLE}" = "serial" ]; then add_opts "-nographic" +else + add_opts "-vga ${CONSOLE}" fi # if -kernel arg is specified then use the kernel provided in command line for boot 
@@ -236,23 +163,8 @@ fi # start vnc server [ ! -z ${VNC_PORT} ] && add_opts "-vnc :${VNC_PORT}" && echo "Starting VNC on port ${VNC_PORT}" -# start monitor on pty and named socket 'monitor' -add_opts "-monitor pty -monitor unix:monitor,server,nowait" - -# do we do not need to autostart the guest -if [ "${AUTOSTART}" = "0" ]; then - echo "Disabling autostart" - add_opts "-S" -fi - -# check if host has bridge network -BR0_STATUS="`ifconfig | grep br0`" -if [ "$BR0_STATUS" != "" ]; then - setup_bridge_network -fi - -# start gdbserver -[ ! -z ${USE_GDB} ] && add_opts "-s" +# start monitor on pty +add_opts "-monitor pty" # add virtio ring if [ "$USE_VIRTIO" = "1" ]; then @@ -278,4 +190,3 @@ bash ${QEMU_CMDLINE} 2>&1 | tee -a ${QEMU_CONSOLE_LOG} stty intr ^c rm -rf ${QEMU_CMDLINE} -stop_network diff --git a/distros/sles-15/build.sh b/distros/sles-15/build.sh new file mode 100755 index 0000000..2269912 --- /dev/null +++ b/distros/sles-15/build.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +. ../common.sh + +run_cmd "cp ../launch-qemu.sh /usr/local/bin" + +# fix the path +sed -i 's|QEMU_INSTALL_DIR=/usr/local/bin/|QEMU_INSTALL_DIR=""|' /usr/local/bin/launch-qemu.sh +sed -i 's|UEFI_BIOS_CODE="/usr/local/share/qemu/OVMF_CODE.fd"|UEFI_BIOS_CODE=/usr/share/qemu/ovmf-x86_64-suse-4m.bin|' /usr/local/bin/launch-qemu.sh + +# sles may have older version of patch, lets fix the sev-guest params +sed -i 's|reduced-phys-bits=1|reduced-phys-bits=5|' /usr/local/bin/launch-qemu.sh diff --git a/stable-commits b/distros/stable-commits index bdae7b3..a133f5a 100644 --- a/stable-commits +++ b/distros/stable-commits @@ -4,7 +4,7 @@ # hypervisor commit KERNEL_GIT_URL=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git -KERNEL_COMMIT=v4.16 +KERNEL_COMMIT=v4.17 # qemu commit QEMU_GIT_URL=http://git.qemu.org/git/qemu.git 
@@ -12,3 +12,7 @@ QEMU_COMMIT=v2.12.0 # guest bios EDK2_GIT_URL=https://github.com/tianocore/edk2.git + +# libvirt commit +LIBVIRT_GIT_URL=https://libvirt.org/git/libvirt.git +LIBVIRT_COMMIT=v4.5.0 diff --git a/distros/ubuntu-18.04/build.sh b/distros/ubuntu-18.04/build.sh new file mode 100755 index 0000000..7da8848 --- /dev/null +++ b/distros/ubuntu-18.04/build.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +. ../common.sh + +# build linux kernel image +run_cmd "apt-get build-dep linux-image-$(uname -r)" +run_cmd "apt-get install flex" +build_kernel + +# install newly built kernel +install_kernel + +# install qemu build deps +# build and install QEMU 2.12 +run_cmd "apt-get build-dep qemu" +build_install_qemu "/usr/local" + +run_cmd "apt-get build-dep ovmf" +build_install_ovmf "/usr/local/share/qemu" + +run_cmd "cp ../launch-qemu.sh /usr/local/bin" |
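Review bot: in the README.md hunk (`@@ -0,0 +1,204 @@`), the requirement list says `qemu >= 2.15`, but distros/stable-commits pins `QEMU_COMMIT=v2.12.0` and both distro build scripts comment "build and install QEMU 2.12"; the line should read `qemu >= 2.12`. The path `/etc/defaults/grub` in the SLES-15 and Fedora-28 "Prepare Host OS" steps should be `/etc/default/grub`, and the SLES line `#cp /usr/share/qemu/ovmf-x86_64-suse-4m-vars.bin OVMF_VARS.fd` is missing the space after the `#` prompt used everywhere else, so a reader copying it gets a comment instead of a command.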
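Review bot: in the distros/common.sh hunk, `build_install_ovmf` ignores its argument when creating the destination: `run_cmd "mkdir -p /usr/local/share/qemu"` is hardcoded while the two `cp` lines copy to `$*`, so a caller passing any other path copies into a directory that may not exist; use `run_cmd "mkdir -p $*"`. The build also adds `-DSMM_REQUIRE` and `-DSECURE_BOOT_ENABLE=TRUE`; an SMM_REQUIRE firmware is meant to be run with `-machine q35,smm=on` and `-global driver=cfi.pflash01,property=secure,value=on` so the variable store is only writable from SMM, and the launch-qemu.sh hunk only adds `-machine q35`, so please confirm the resulting OVMF_CODE.fd boots under launch-qemu.sh and that this combination was tested with an SEV guest. `NUM_OF_CORES` is computed but never used (`getconf _NPROCESSORS_ONLN` is used instead); drop it.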
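Review bot: in the distros/fedora-28/build.sh hunk, `build_qemu "/usr/local"` calls a function that distros/common.sh does not define; the helper it provides is `build_install_qemu`, so this script stops with "command not found" at that line. The final `sed` also writes a malformed path: its replacement is `UEFI_BIOS_CODE=/usr/share/qemu//usr/share/OVMF/OVMF_CODE.secboot.fd`, two paths concatenated; presumably `UEFI_BIOS_CODE=/usr/share/OVMF/OVMF_CODE.secboot.fd` was intended, matching the `/usr/share/OVMF/OVMF_VARS.fd` the README tells Fedora users to copy. `run_cmd "yum install yum-utils"` lacks `-y`, so an unattended run stalls at the confirmation prompt.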
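Review bot: in the launch-qemu.sh usage hunk (`@@ -23,15 +21,12 @@`), `-console display console to use (serial or gxl)` has a typo: the value is `qxl`, which is what the new `CONSOLE="qxl"` default and `add_opts "-vga ${CONSOLE}"` expect; a user typing `gxl` as documented gets an invalid `-vga gxl`. Since the value is passed straight to `-vga`, the usage text should also say that anything other than `serial` must be a QEMU VGA type.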
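Review bot: in the launch-qemu.sh hunk `@@ -65,48 +44,6 @@`, removing `trap exit_from_int SIGINT` (and `exit_from_int` itself in the previous hunk) leaves no cleanup on interrupt, yet the script still remaps the terminal interrupt key (the README keeps saying CTRL-C is mapped to CTRL-]) and the tail still relies on `stty intr ^c` and `rm -rf ${QEMU_CMDLINE}` running at exit. If the user presses CTRL-] while the guest boots, the script dies before those lines, leaving the shell with its intr key remapped and the generated command-line file behind. Keep a minimal handler, e.g. `trap 'stty intr ^c; rm -rf ${QEMU_CMDLINE}; exit 1' INT`.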
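Review bot: in the launch-qemu.sh hunk `@@ -186,7 +117,9 @@`, `add_opts "-netdev user,id=vmnic -device e1000,netdev=vmnic"` is now unconditional, so the `-virtio` option (and the new `USE_VIRTIO="1"` default) no longer affects the NIC and an SEV guest always gets an emulated e1000. Consider selecting the device by `USE_VIRTIO` as the deleted `setup_bridge_network` did, e.g. `-device virtio-net-pci,netdev=vmnic,disable-legacy=on,iommu_platform=true,romfile=`, since `iommu_platform=true` is what makes the guest bounce virtio queue memory under SEV. `-boot d` is now always appended together with `-cdrom`; that is right for installation but should be stated in usage, since the guest will boot from the ISO whenever one is given.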
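Review bot: in the launch-qemu.sh hunk `@@ -211,19 +142,15 @@`, dropping `-allow-debug` means the `sev-guest` object is always created without an explicit `policy=`, so the guest runs with QEMU's default SEV policy, which disallows debugging. That is the right default, but the new README.md says nothing about the guest policy; add a sentence stating that debug is disabled and that `policy=` on the `sev-guest` object is where it would be changed.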
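Review bot: in the launch-qemu.sh hunk `@@ -236,23 +163,8 @@`, removing `[ ! -z ${USE_GDB} ] && add_opts "-s"` leaves `-gdb` as a silent no-op: the usage text still lists `-gdb start gdbserver` and the option loop still sets `-gdb) USE_GDB="1"`. Either keep the `-s` line or drop the option from both usage and the parser.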
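Review bot: in the distros/sles-15/build.sh hunk, the three `sed -i` edits patch the installed copy of launch-qemu.sh by matching exact source text (`QEMU_INSTALL_DIR=/usr/local/bin/`, the quoted `UEFI_BIOS_CODE=...` line, `reduced-phys-bits=1`); sed does not fail when a pattern no longer matches, so any later edit to those lines in distros/launch-qemu.sh silently breaks the SLES install. A `grep -q` check after each sed, or making these values overridable variables in launch-qemu.sh, would be more robust. The comment "sles may have older version of patch" on the `reduced-phys-bits=5` rewrite should name the QEMU change it works around so the workaround can be retired.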
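Review bot: in the distros/stable-commits hunk `@@ -12,3 +12,7 @@`, `LIBVIRT_GIT_URL` and `LIBVIRT_COMMIT` are added but nothing in distros/common.sh or the per-distro build scripts references them, and README.md says the scripts deliberately do not build libvirt; either wire them into a build function or leave them out. Conversely edk2 still has only `EDK2_GIT_URL` and no `EDK2_COMMIT`, so `build_install_ovmf` clones whatever master is at build time even though README.md names a specific required commit (75b7aa9528bd); add an `EDK2_COMMIT` and check it out as is done for the kernel and QEMU.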
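Review bot: in the distros/ubuntu-18.04/build.sh hunk, `apt-get build-dep linux-image-$(uname -r)` (and the `build-dep qemu` / `build-dep ovmf` lines) require `deb-src` entries enabled in the apt sources, which Ubuntu 18.04 ships commented out, so on a stock host the first `run_cmd` fails with apt complaining about missing source URIs; either document that prerequisite in README.md or have the script enable the deb-src lines first. The apt-get calls also lack `-y`, so an unattended run stops at the confirmation prompt, and `install_kernel` runs `dpkg -i *.deb` on everything in `src/`, which will also pick up packages left over from a previous build.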
