Here is v9 of the set of patches to add support for IGVM files to QEMU. This is based on commit c77283dd5d79149f4e7e9edd00f65416c648ee59 of qemu.
Once again, this is mostly a rebase of the previous patch series. However, thanks to those reviewers who have provided feedback on v8 which has now been addressed in this new version. This v9 patch series is also available on github: [2] For testing IGVM support in QEMU you need to generate an IGVM file that is configured for the platform you want to launch. You can use the `buildigvm` test tool [3] to allow generation of IGVM files for all currently supported platforms. Patch 11/17 contains information on how to generate an IGVM file using this tool. Changes in v9: * Address review comments from v8 * Add metadata to relevant commits. Patch summary: 1-11: Add support and documentation for processing IGVM files for SEV, SEV-ES, SEV-SNP and native platforms. 12-15: Processing of policy and SEV-SNP ID_BLOCK from IGVM file. 16: Add pre-processing of IGVM file to support synchronization of 'SEV_FEATURES' from IGVM VMSA to KVM. [1] Link to v8: https://lists.gnu.org/archive/html/qemu-devel/2025-06/msg02324.html [2] v8 patches also available here: https://github.com/roy-hopkins/qemu/tree/igvm_master_v9 [3] `buildigvm` tool v0.2.0 https://github.com/roy-hopkins/buildigvm/releases/tag/v0.2.0 Roy Hopkins (16): meson: Add optional dependency on IGVM library backends/confidential-guest-support: Add functions to support IGVM backends/igvm: Add IGVM loader and configuration hw/i386: Add igvm-cfg object and processing for IGVM files i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM sev: Update launch_update_data functions to use Error handling target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache() i386/sev: Refactor setting of reset vector and initial CPU state i386/sev: Implement ConfidentialGuestSupport functions for SEV docs/system: Add documentation on support for IGVM docs/interop/firmware.json: Add igvm to FirmwareDevice backends/confidential-guest-support: Add set_guest_policy() function backends/igvm: Process initialization sections in IGVM file backends/igvm: Handle policy for SEV guests i386/sev: Add implementation of CGS set_guest_policy() sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 backends/confidential-guest-support.c | 43 + backends/igvm-cfg.c | 51 + backends/igvm.c | 988 ++++++++++++++++++++ backends/igvm.h | 22 + backends/meson.build | 5 + docs/interop/firmware.json | 30 +- docs/system/i386/amd-memory-encryption.rst | 2 + docs/system/igvm.rst | 173 ++++ docs/system/index.rst | 1 + hw/i386/pc.c | 12 + hw/i386/pc_piix.c | 10 + hw/i386/pc_q35.c | 10 + hw/i386/pc_sysfw.c | 31 +- include/hw/i386/x86.h | 3 + include/system/confidential-guest-support.h | 88 ++ include/system/igvm-cfg.h | 49 + meson.build | 8 + meson_options.txt | 2 + qapi/qom.json | 17 + qemu-options.hx | 28 + scripts/meson-buildoptions.sh | 3 + target/i386/cpu.h | 9 +- target/i386/sev.c | 850 +++++++++++++++-- target/i386/sev.h | 124 +++ 24 files changed, 2475 insertions(+), 84 deletions(-) create mode 100644 backends/igvm-cfg.c create mode 100644 backends/igvm.c create mode 100644 backends/igvm.h create mode 100644 docs/system/igvm.rst create mode 100644 include/system/igvm-cfg.h -- 2.43.0
