mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-11-24 04:09:48 +00:00
b12e8c2cac
Add support for running protected VMs with pKVM on Intel x86 [1]. The --protected-vm option is not workable yet, since loading pvmfw into guest memory via pKVM is not implemented yet, but the developer options --protected-vm-without-firmware and --protected-vm-with-firmware are working. Following the approach used for pKVM on arm64, the KVM uAPI used for running protected VMs on x86 is a "stable temporary" uAPI: the KVM_X86_PKVM_PROTECTED_VM value shall be updated when upstreaming pKVM to the mainline kernel (see also [2]). [1] https://android-review.git.corp.google.com/c/kernel/common/+/3351287 [2] https://android-review.git.corp.google.com/c/kernel/common/+/3351286 BUG=b:349990461 TEST=On an Intel device with kernel compiled with pKVM-IA patches [1] and kvm-intel.pkvm=1 added to kernel command line, run a VM with --protected-vm-without-firmware or with --protected-vm-with-firmware with the same test pvmfw image as in TEST= in CL:5797353. Change-Id: I625f5eb9a38eaef9312ba62308739efb66f163b0 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/6022852 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Dmytro Maluka <dmaluka@chromium.org> |
||
|---|---|---|
| .. | ||
| src | ||
| tests | ||
| bindgen.sh | ||
| Cargo.toml | ||