AArch64: Add direct kernel boot support #297
base: main
Add a utility function to retrieve the info from the FDT. It's the VMM's responsibility to store kernel info inside the FDT "chosen" node; then we can get it there. Signed-off-by: Jianyong Wu <[email protected]>
Add a kernel image loader and try to find kernel image info in the FDT; if there is one, load and start the kernel directly. Signed-off-by: Jianyong Wu <[email protected]>
Reserve 64M for the payload to hold the kernel image. So, bump ram_min to 0x44400000. Signed-off-by: Jianyong Wu <[email protected]>
cmdline is essential for direct kernel boot. To pass cmdline: 1. get original cmdline from FDT; 2. allocate memory for it; 3. convert raw cmdline from utf-8 to utf-16; 4. put cmdline info into image handle; Signed-off-by: Jianyong Wu <[email protected]>
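The two FDT-related steps above (find the kernel info the VMM stored under the "chosen" node, then turn the raw UTF-8 cmdline into the NUL-terminated UTF-16 LoadOptions plus byte size that the UEFI loaded-image protocol expects), as an added example in Rust. This is not rust-hypervisor-firmware code: the function names, the minimal flat-walk parser and the constructed sample blob are all assumptions made here; a missing "chosen" node or "bootargs" property yields None rather than an empty cmdline.

```rust
const FDT_MAGIC: u32 = 0xd00d_feed;
const BEGIN_NODE: u32 = 1; const END_NODE: u32 = 2; const PROP: u32 = 3; const NOP: u32 = 4; const END: u32 = 9;
// Bounds-checked big-endian u32 read and NUL-terminated string read; None on a truncated blob.
fn be32(b: &[u8], off: usize) -> Option<u32> { b.get(off..off + 4).map(|s| u32::from_be_bytes([s[0], s[1], s[2], s[3]])) }
fn cstr(b: &[u8], off: usize) -> Option<&[u8]> { b.get(off..)?.iter().position(|&c| c == 0).map(|end| &b[off..off + end]) }
/// Value of `prop` in the root's direct child `node`, e.g. ("chosen", "bootargs"); None if absent.
pub fn fdt_find_prop<'a>(fdt: &'a [u8], node: &str, prop: &str) -> Option<&'a [u8]> {
    if be32(fdt, 0)? != FDT_MAGIC { return None; }
    let (mut off, strings, mut depth, mut inside) = (be32(fdt, 8)? as usize, be32(fdt, 12)? as usize, 0usize, false);
    loop {
        let tok = be32(fdt, off)?; off += 4;
        match tok {
            BEGIN_NODE => {
                let name = cstr(fdt, off)?;
                depth += 1;
                if depth == 2 { inside = name == node.as_bytes(); } // only the root's children qualify
                off = (off + name.len() + 1 + 3) & !3; // name + NUL, padded to 4 bytes
            }
            END_NODE => { depth = depth.checked_sub(1)?; if depth < 2 { inside = false; } }
            PROP => {
                let (len, nameoff) = (be32(fdt, off)? as usize, be32(fdt, off + 4)? as usize);
                let val = fdt.get(off + 8..off + 8 + len)?;
                if inside && cstr(fdt, strings + nameoff)? == prop.as_bytes() { return Some(val); }
                off = (off + 8 + len + 3) & !3;
            }
            NOP => {}
            _ => return None, // FDT_END (or a malformed token) reached without a match
        }
    }
}
/// Steps 1-4 of the cmdline commit: NUL-terminated UTF-8 bootargs -> NUL-terminated UTF-16 LoadOptions and its size in bytes.
pub fn bootargs_to_load_options(raw: &[u8]) -> Option<(Vec<u16>, usize)> {
    let s = core::str::from_utf8(cstr(raw, 0).unwrap_or(raw)).ok()?; // reject non-UTF-8 instead of guessing
    let opts: Vec<u16> = s.encode_utf16().chain(core::iter::once(0)).collect();
    let n = opts.len() * 2; Some((opts, n))
}
/// Constructed sample blob (not real VMM output): root { chosen { bootargs = args } }.
pub fn sample_fdt(args: &str) -> Vec<u8> {
    let pad4 = |v: &mut Vec<u8>| while v.len() % 4 != 0 { v.push(0) };
    let mut st: Vec<u8> = Vec::new();
    for n in ["", "chosen"] { st.extend(BEGIN_NODE.to_be_bytes()); st.extend(n.bytes()); st.push(0); pad4(&mut st); }
    for w in [PROP, args.len() as u32 + 1, 0] { st.extend(w.to_be_bytes()); } // nameoff 0 = "bootargs"
    st.extend(args.bytes()); st.push(0); pad4(&mut st);
    for w in [END_NODE, END_NODE, END] { st.extend(w.to_be_bytes()); }
    let strs = b"bootargs\0";
    let (so, sso) = (56u32, 56 + st.len() as u32); // 40-byte header + 16-byte empty mem-rsv block
    let hdr = [FDT_MAGIC, sso + strs.len() as u32, so, sso, 40, 17, 16, 0, strs.len() as u32, st.len() as u32];
    let mut fdt: Vec<u8> = hdr.iter().flat_map(|w| w.to_be_bytes()).collect();
    fdt.extend([0u8; 16]); fdt.extend(&st); fdt.extend(strs); fdt
}
```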
@jongwu I do not understand why direct boot is needed. When a kernel image is specified by VMM arguments, the image is loaded directly into the guest memory and sets up the guest state as described in the document. This way, no firmware (RHF, EDK2) is required. Please clarify the motivation for this feature.
Hi @retrage, UEFI-based direct kernel boot means starting the firmware first and loading the kernel instead of a bootloader when the firmware transfers control at the so-called BDS (Boot Device Selection) phase. We need firmware because we need ACPI, and we also want to start the kernel specified on the command line, not one from disk. We can get some benefits from this feature:
With this feature, we can deploy RHF more widely, such as into kata and confidential computing containers.
@retrage Do you have any interest in this PR?
@rbradford I still don't understand the motivation, but it's worth merging into the main branch if Confidential Computing really needs this feature.
Direct kernel boot, which loads and starts the kernel specified by the kernel cmdline, is an important feature in scenarios like secure containers and confidential containers.
How does it work?
Dependency:
CH lacks support for this feature;