From 8b65315933da644fdb31af1cfc632b9245ee0499 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pierre-Cl=C3=A9ment=20Tosi?= Date: Mon, 9 Jan 2023 15:58:20 +0000 Subject: [PATCH] pvmfw: README: Document loading Bug: 263548441 Bug: 217709313 Test: N/A Change-Id: I3630a713f07d1c0a26bba2ecf38d8772a1865eee --- pvmfw/README.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/pvmfw/README.md b/pvmfw/README.md index a2368765..006a94b5 100644 --- a/pvmfw/README.md +++ b/pvmfw/README.md @@ -48,6 +48,40 @@ pvmfw currently only supports AArch64. ## Integration +### pvmfw Loading + +When running pKVM, the physical memory from which the hypervisor loads pvmfw +into guest address space is not initially populated by the hypervisor itself. +Instead, it receives a pre-loaded memory region from a trusted pvmfw loader and +only then becomes responsible for protecting it. As a result, the hypervisor is +kept generic (beyond AVF) and small as it is not expected (nor necessary) for it +to know how to interpret or obtain the content of that region. + +#### Android Bootloader (ABL) Support + +Starting in Android T, the `PRODUCT_BUILD_PVMFW_IMAGE` build variable controls +the generation of `pvmfw.img`, a new [ABL partition][ABL-part] containing the +pvmfw binary and following the internal format of the [`boot`][boot-img] +partition, intended to be verified and loaded by ABL on AVF-compatible devices. + +To support pKVM, ABL is expected to describe the region using a reserved memory +device tree node where both address and size have been properly aligned to the +page size used by the hypervisor. For example, the following node describes a +region of size `0x40000` at address `0x80000000`: +``` +reserved-memory { + ... + pkvm_guest_firmware { + compatible = "linux,pkvm-guest-firmware-memory"; + reg = <0x0 0x80000000 0x40000>; + no-map; + } +} +``` + +[ABL-part]: https://source.android.com/docs/core/architecture/bootloader/partitions +[boot-img]: https://source.android.com/docs/core/architecture/bootloader/boot-image-header + ### Configuration Data As part of the process of loading pvmfw, the loader (typically the Android