qemu: add feat numa,balloon,trim
Signed-off-by: Nikita Korolev <[email protected]>
universal-itengineer committed Jan 16, 2025
1 parent 3c21f2a commit a26c444
Showing 6 changed files with 362 additions and 118 deletions.
23 changes: 12 additions & 11 deletions images/qemu-artifact/install-qemu.sh
Expand Up @@ -92,6 +92,7 @@ parse_args $@
FILE_LIST=$(cat <<EOF
$SRC_BUILD/trace/trace-events-all to /usr/local/share/qemu
$SRC_BUILD/qemu-system-x86_64 to /usr/local/bin
$SRC_BUILD/qga/qemu-ga to /usr/local/bin
$SRC_BUILD/qemu-keymap to /usr/local/bin
$SRC_BUILD/qemu-img to /usr/local/bin
$SRC_BUILD/qemu-io to /usr/local/bin
Expand All @@ -113,10 +114,10 @@ $SRC_BUILD/pc-bios/edk2-i386-secure-code.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/edk2-i386-vars.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/edk2-x86_64-code.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/edk2-x86_64-secure-code.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/edk2-loongarch64-code.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/edk2-loongarch64-vars.fd to /usr/local/share/qemu
$SRC_BUILD/pc-bios/keymaps/ar to /usr/local/share/qemu/keymaps
$SRC_BUILD/pc-bios/keymaps/bepo to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/edk2-loongarch64-code.fd to /usr/local/share/qemu
# $SRC_BUILD/pc-bios/edk2-loongarch64-vars.fd to /usr/local/share/qemu
# $SRC_BUILD/pc-bios/keymaps/ar to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/keymaps/bepo to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/keymaps/cz to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/keymaps/da to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/keymaps/de to /usr/local/share/qemu/keymaps
Expand Down Expand Up @@ -218,8 +219,8 @@ $SRC_BASE/pc-bios/qemu_vga.ndrv to /usr/local/share/qemu
$SRC_BASE/pc-bios/edk2-licenses.txt to /usr/local/share/qemu
$SRC_BASE/pc-bios/hppa-firmware.img to /usr/local/share/qemu
$SRC_BASE/pc-bios/hppa-firmware64.img to /usr/local/share/qemu
$SRC_BASE/pc-bios/opensbi-riscv32-generic-fw_dynamic.bin to /usr/local/share/qemu
$SRC_BASE/pc-bios/opensbi-riscv64-generic-fw_dynamic.bin to /usr/local/share/qemu
# $SRC_BASE/pc-bios/opensbi-riscv32-generic-fw_dynamic.bin to /usr/local/share/qemu
# $SRC_BASE/pc-bios/opensbi-riscv64-generic-fw_dynamic.bin to /usr/local/share/qemu
$SRC_BASE/pc-bios/npcm7xx_bootrom.bin to /usr/local/share/qemu
$SRC_BASE/pc-bios/vof.bin to /usr/local/share/qemu
$SRC_BASE/pc-bios/vof-nvram.bin to /usr/local/share/qemu
Expand All @@ -229,13 +230,13 @@ $SRC_BASE/pc-bios/petalogix-s3adsp1800.dtb to /usr/local/share/qemu
$SRC_BASE/pc-bios/petalogix-ml605.dtb to /usr/local/share/qemu
$SRC_BUILD/pc-bios/descriptors/50-edk2-i386-secure.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/50-edk2-x86_64-secure.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/60-edk2-aarch64.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/60-edk2-arm.json to /usr/local/share/qemu/firmware
# $SRC_BUILD/pc-bios/descriptors/60-edk2-aarch64.json to /usr/local/share/qemu/firmware
# $SRC_BUILD/pc-bios/descriptors/60-edk2-arm.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/60-edk2-i386.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/60-edk2-x86_64.json to /usr/local/share/qemu/firmware
$SRC_BUILD/pc-bios/descriptors/60-edk2-loongarch64.json to /usr/local/share/qemu/firmware
$SRC_BASE/pc-bios/keymaps/sl to /usr/local/share/qemu/keymaps
$SRC_BASE/pc-bios/keymaps/sv to /usr/local/share/qemu/keymaps
# $SRC_BUILD/pc-bios/descriptors/60-edk2-loongarch64.json to /usr/local/share/qemu/firmware
# $SRC_BASE/pc-bios/keymaps/sl to /usr/local/share/qemu/keymaps
# $SRC_BASE/pc-bios/keymaps/sv to /usr/local/share/qemu/keymaps
EOF
)
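Review bot: The entries disabled with a leading `# ` sit inside the `FILE_LIST=$(cat <<EOF … EOF)` heredoc, where `#` is not a shell comment, so each of those lines is still part of the value of `FILE_LIST`. Whether they are skipped depends on the loop that consumes the list, which is outside the visible hunks; the unchanged `# $SRC_BUILD/pc-bios/keymaps/cz …` lines suggest it already filters them, but that should be confirmed, and it should fail loudly on a source path that does not exist. Deleting the loongarch64, riscv, aarch64/arm and keymap entries outright would remove the dependency on that filter. If the commented form is kept, a real comment above the heredoc such as `# entries prefixed with '#' are skipped by the install loop; only x86_64 artifacts are shipped` would record the intent.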

10 changes: 6 additions & 4 deletions images/qemu-artifact/werf.inc.yaml
Expand Up @@ -122,6 +122,10 @@ shell:
./configure \
--target-list="x86_64-softmmu" \
--enable-kvm \
--enable-guest-agent \
--enable-hv-balloon \
--enable-malloc-trim \
--enable-numa \
--enable-tcg \
--enable-vnc \
--enable-virtfs \
Expand All @@ -136,13 +140,11 @@ shell:
--disable-cloop \
--disable-dmg \
--disable-glusterfs \
--disable-guest-agent \
--disable-guest-agent-msi \
--disable-jack \
--disable-parallels \
--disable-xen \
--disable-xen-pci-passthrough
make -j$(nproc)
--disable-xen-pci-passthrough make -j$(nproc)
make install -j$(nproc)
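Review bot: The guest agent flips from `--disable-guest-agent` to `--enable-guest-agent` in this configure call, which the commit title (numa, balloon, trim) does not mention. qemu-ga is the daemon that runs inside a guest and carries out host-issued commands, so building it here and installing it to /usr/local/bin (per install-qemu.sh in this commit) adds a binary to the image whose purpose there is not evident from the diff. A comment above the `./configure` call stating why it is needed, or leaving it disabled, would settle that. Separately, the page renders the tail as `--disable-xen-pci-passthrough make -j$(nproc)` on one line; if that is not a rendering artifact, `make` and `-j…` are passed to `./configure` as arguments and the build step does not run as its own command.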
208 changes: 111 additions & 97 deletions images/virt-firmware-artifact/build.sh
@@ -1,5 +1,3 @@
#!/bin/bash

#!/usr/bin/env bash

# Copyright 2024 Flant JSC
Expand All @@ -18,106 +16,122 @@

set -e

# Source edksetup.sh
versionEdk2=stable202411
gitRepoName=edk2
FIRMWARE=/FIRMWARE

cd /${gitRepoName}-${versionEdk2}

mkdir -p ${FIRMWARE}

download_DBXUpdate() {
local dst_dir=$1

if [ -z $dst_dir ];then dst_dir="OVMF"; fi

DBXDATE="20230509"
UEFI_BIN_URL_BASE="https://uefi.org/sites/default/files/resources"
# curl -L $UEFI_BIN_URL_BASE/x86_DBXUpdate$DBXDATE.bin -o $dst_dir/DBXUpdate-$DBXDATE.x86.bin
curl -L $UEFI_BIN_URL_BASE/x64_DBXUpdate_$DBXDATE.bin -o $dst_dir/DBXUpdate-$DBXDATE.x64.bin
}

# compiler
CC_FLAGS="-t GCC5"
CC_FLAGS="${CC_FLAGS} -b RELEASE"

CC_FLAGS="${CC_FLAGS} --cmd-len=65536"
CC_FLAGS="${CC_FLAGS} -D NETWORK_IP6_ENABLE=TRUE"
CC_FLAGS="${CC_FLAGS} -D NETWORK_HTTP_BOOT_ENABLE=TRUE -D NETWORK_ALLOW_HTTP_CONNECTIONS=TRUE"
CC_FLAGS="${CC_FLAGS} -D TPM2_ENABLE=TRUE -D TPM2_CONFIG_ENABLE=TRUE"
CC_FLAGS="${CC_FLAGS} -D TPM1_ENABLE=FALSE"
CC_FLAGS="${CC_FLAGS} -D CAVIUM_ERRATUM_27456=TRUE"

# ovmf features
OVMF_2M_FLAGS="${CC_FLAGS} -D FD_SIZE_2MB=TRUE -D NETWORK_TLS_ENABLE=FALSE -D NETWORK_ISCSI_ENABLE=FALSE"
OVMF_4M_FLAGS="${CC_FLAGS} -D FD_SIZE_4MB=TRUE -D NETWORK_TLS_ENABLE=TRUE -D NETWORK_ISCSI_ENABLE=TRUE"

# secure boot features
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SECURE_BOOT_ENABLE=TRUE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE=TRUE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD=TRUE -D BUILD_SHELL=FALSE"

export EDK_TOOLS_PATH="/${gitRepoName}-${versionEdk2}/BaseTools"
export PACKAGES_PATH="/${gitRepoName}-${versionEdk2}/BaseTools:/edk2-platforms:/edk2-staging"
unset MAKEFLAGS

cd "/${gitRepoName}-${versionEdk2}"
. edksetup.sh

# Ensure the Build directory is clean
rm -rf Build/*

# Build OVMF firmware
build_ovmf() {
local target=$1
local out_code=$2
local out_vars=$3
local dsc_file=$4
local build_dir=$5
local build_opts=$6

build -a X64 -t GCC5 -p $dsc_file -b RELEASE $build_opts
cp $build_dir/RELEASE_GCC5/FV/$(basename $out_code) /FIRMWARE/$(basename $out_code)
if [[ -n "$out_vars" ]]; then
cp $build_dir/RELEASE_GCC5/FV/$(basename $out_vars) /FIRMWARE/$(basename $out_vars)
fi
rm -rf Build/*
build_iso() {
dir="$1"
UEFI_SHELL_BINARY=${dir}/Shell.efi
ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi
UEFI_SHELL_IMAGE=uefi_shell.img
ISO_IMAGE=${dir}/UefiShell.iso

UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY")
UEFI_SHELL_SIZE=$(stat --format=%%s -- "$UEFI_SHELL_BINARY")
ENROLLER_SIZE=$(stat --format=%%s -- "$ENROLLER_BINARY")

# add 1MB then 10 percent for metadata
UEFI_SHELL_IMAGE_KB=$((
(UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024
))

# create non-partitioned FAT image
rm -f -- "$UEFI_SHELL_IMAGE"
mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"

# copy the shell binary into the FAT image
export MTOOLS_SKIP_CHECK=1
mmd -i "$UEFI_SHELL_IMAGE" ::efi
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi
mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" ::
mdir -i "$UEFI_SHELL_IMAGE" -/ ::

# build ISO with FAT image file as El Torito EFI boot image
xorrisofs -input-charset ASCII -J -rational-rock \
-e "$UEFI_SHELL_IMAGE" -no-emul-boot \
-o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
}

# Build Standard OVMF
build_ovmf "Standard OVMF" \
"/FIRMWARE/OVMF_CODE.fd" \
"/FIRMWARE/OVMF_VARS.fd" \
"OvmfPkg/OvmfPkgX64.dsc" \
"Build/OvmfX64" \
""

# Build Secure Boot OVMF
build_ovmf "Secure Boot OVMF" \
"/FIRMWARE/OVMF_CODE.secboot.fd" \
"/FIRMWARE/OVMF_VARS.secboot.fd" \
"OvmfPkg/OvmfPkgX64.dsc" \
"Build/OvmfX64" \
"-D SECURE_BOOT_ENABLE"

# Build Confidential Computing OVMF
build_ovmf "Confidential Computing OVMF" \
"/FIRMWARE/OVMF_CODE.cc.fd" \
"" \
"OvmfPkg/OvmfQemuCc.dsc" \
"Build/OvmfQemuCc" \
""

# Build AMD SEV OVMF
build_ovmf "AMD SEV OVMF" \
"/FIRMWARE/OVMF.amdsev.fd" \
"" \
"OvmfPkg/OvmfPkgX64.dsc" \
"Build/OvmfX64" \
"-D AMD_SEV=TRUE"

# Build Intel TDX OVMF
build_ovmf "Intel TDX OVMF" \
"/FIRMWARE/OVMF.inteltdx.fd" \
"" \
"OvmfPkg/OvmfQemuTdx.dsc" \
"Build/OvmfQemuTdx" \
""

# Build Intel TDX Secure Boot OVMF
build_ovmf "Intel TDX Secure Boot OVMF" \
"/FIRMWARE/OVMF.inteltdx.secboot.fd" \
"" \
"OvmfPkg/OvmfQemuTdx.dsc" \
"Build/OvmfQemuTdx" \
"-D SECURE_BOOT_ENABLE"

# Build UEFI Shell
build -a X64 -t GCC5 -p ShellPkg/ShellPkg.dsc -b RELEASE
cp Build/Shell/RELEASE_GCC5/X64/Shell.efi /FIRMWARE/Shell.efi
rm -rf Build/*

# Create UEFI Shell ISO
mkdir -p /iso/efi/boot
cp /FIRMWARE/Shell.efi /iso/efi/boot/bootx64.efi
genisoimage -o /FIRMWARE/UefiShell.iso -efi-boot-part --efi-boot-image -no-emul-boot /iso
rm -rf /iso

# Build EnrollDefaultKeys.efi from edk2-apps
cd /edk2-apps
. ../edk2/edksetup.sh

# Build EnrollDefaultKeys.efi
build -a X64 -t GCC5 -p SecMainPkg/SecMainPkg.dsc -m SecureBootEnrollDefaultKeys/EnrollDefaultKeys.inf -b RELEASE
cp Build/SecMainPkg/RELEASE_GCC5/X64/EnrollDefaultKeys.efi /FIRMWARE/EnrollDefaultKeys.efi
rm -rf Build/*

# Build DBXUpdate binary
cd /openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Test DBX Update/" -keyout dbxupdate_key.pem -out dbxupdate_cert.pem -nodes -days 365
sbattach --remove /FIRMWARE/EnrollDefaultKeys.efi
sbattach --attach dbxupdate_cert.pem /FIRMWARE/EnrollDefaultKeys.efi
cp /FIRMWARE/EnrollDefaultKeys.efi /FIRMWARE/DBXUpdate-20230509.x64.bin
# Build with neither SB nor SMM; include UEFI shell.
# mkdir -p OVMF

build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.fd
cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.fd
# Build 4MB with neither SB nor SMM; include UEFI shell.
build ${OVMF_4M_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE_4M.fd
cp -p Build/OvmfX64/*/FV/OVMF_VARS.fd $FIRMWARE/OVMF_VARS_4M.fd
# Build with SB and SMM; exclude UEFI shell.
build ${OVMF_2M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE.secboot.fd
# Build 4MB with SB and SMM; exclude UEFI shell.
build ${OVMF_4M_FLAGS} ${OVMF_SB_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
cp -p Build/OvmfX64/*/FV/OVMF_CODE.fd $FIRMWARE/OVMF_CODE_4M.secboot.fd
# Build AmdSev and IntelTdx variants
touch OvmfPkg/AmdSev/Grub/grub.efi # dummy
build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc
cp -p Build/AmdSev/*/FV/OVMF.fd $FIRMWARE/OVMF.amdsev.fd
build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/IntelTdx/IntelTdxX64.dsc
cp -p Build/IntelTdx/*/FV/OVMF.fd $FIRMWARE/OVMF.inteltdx.fd

# build shell
build ${OVMF_2M_FLAGS} -a X64 -p ShellPkg/ShellPkg.dsc
build ${OVMF_2M_FLAGS} -a IA32 -p ShellPkg/ShellPkg.dsc

# build ovmf (x64) shell iso with EnrollDefaultKeys
#cp Build/Ovmf3264/*/X64/Shell.efi $FIRMWARE/
cp -p Build/Shell/*/X64/ShellPkg/Application/Shell/Shell/OUTPUT/Shell.efi $FIRMWARE/
cp -p Build/OvmfX64/*/X64/EnrollDefaultKeys.efi $FIRMWARE/

build_iso OVMF
download_DBXUpdate

cp -p $FIRMWARE/OVMF_VARS.fd $FIRMWARE/OVMF_VARS.secboot.fd
cp -p $FIRMWARE/OVMF_VARS_4M.fd $FIRMWARE/OVMF_VARS_4M.secboot.fd
cp -p $FIRMWARE/OVMF.inteltdx.fd $FIRMWARE/OVMF.inteltdx.secboot.fd

# build microvm
build ${OVMF_2M_FLAGS} -a X64 -p OvmfPkg/Microvm/MicrovmX64.dsc
cp -p Build/MicrovmX64/*/FV/MICROVM.fd $FIRMWARE
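Review bot: `download_DBXUpdate` writes whatever `curl -L` receives to `DBXUpdate-$DBXDATE.x64.bin` with no integrity check, and without `--fail` an HTTP error page is saved under that name while `set -e` sees exit status 0. This file is Secure Boot revocation data, so the build should pin the SHA-256 of the reviewed file and verify it after download, as sketched below (the digest variable is a placeholder to be filled in). The default destination `OVMF` is not created in the visible lines (`# mkdir -p OVMF` is commented out), so the sketch creates it. Separately, in `build_iso`, `stat --format=%%s` looks like an RPM-spec escape carried into a plain shell script: GNU stat prints a literal `%s` for it and the size arithmetic then fails, so it should read `--format=%s`. The +/- markers are lost on this page, so this assumes these lines belong to the new side.

```shell
download_DBXUpdate() {
  local dst_dir=${1:-OVMF}
  # … unchanged: DBXDATE and UEFI_BIN_URL_BASE assignments …
  local out="$dst_dir/DBXUpdate-$DBXDATE.x64.bin"
  mkdir -p -- "$dst_dir"
  curl --fail --location --proto '=https' --proto-redir '=https' \
    "$UEFI_BIN_URL_BASE/x64_DBXUpdate_$DBXDATE.bin" -o "$out"
  # DBX_SHA256 is a placeholder: pin the digest of the file that was reviewed
  printf '%s  %s\n' "$DBX_SHA256" "$out" | sha256sum --check --strict -
}
```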