Add command line options for controlling PKVM mode
The kernel will soon start requiring a command line flag to enable KVM
protected mode. This patch modifies the build scripts to start passing
it by default, as it will be our default mode of operation. Option -N is
provided to disable it.
Change-Id: Ibc815c0295687043175d470892c8266047f8c47a
diff --git a/aarch64/run_qemu.sh b/aarch64/run_qemu.sh
index 58d7b5a..b18ca42 100755
--- a/aarch64/run_qemu.sh
+++ b/aarch64/run_qemu.sh
@@ -16,19 +16,20 @@
source "$(dirname "${BASH_SOURCE[0]}")/../common.inc"
-default_var QEMU "${PREBUILTS_QEMU_BIN}"
-default_var ROM_DIR "${PREBUILTS_QEMU_ROM_DIR}"
-default_var KERNEL "${LINUX_OUT_IMAGE}"
-default_var ROOTFS "${PREBUILTS_KUT_ROOTFS}"
-default_var TEMPLATE ""
-default_var CPU "max"
-default_var SMP 2
-default_var RAM 512
-default_var GIC 3
-default_var GDB 0
-default_var VERBOSE 0
-default_var KEEP_TEMP 0
-default_var TIMEOUT ""
+default_var QEMU "${PREBUILTS_QEMU_BIN}"
+default_var ROM_DIR "${PREBUILTS_QEMU_ROM_DIR}"
+default_var KERNEL "${LINUX_OUT_IMAGE}"
+default_var ROOTFS "${PREBUILTS_KUT_ROOTFS}"
+default_var TEMPLATE ""
+default_var CPU "max"
+default_var SMP 2
+default_var RAM 512
+default_var GIC 3
+default_var GDB 0
+default_var KVM_PROTECTED 1
+default_var VERBOSE 0
+default_var KEEP_TEMP 0
+default_var TIMEOUT ""
KiB=1024
MiB=$((1024 * KiB))
@@ -39,7 +40,7 @@
Usage: $0 [-h] [-v] [-K]
[-e QEMU] [-L ROM_DIR] [-k KERNEL] [-r ROOTFS] [-R DRIVE] [-T TEMPLATE]
- [-c CPU] [-s NUM_CPUS] [-m MEM] [-g GIC] [-G]
+ [-c CPU] [-s NUM_CPUS] [-m MEM] [-g GIC] [-G] [-N]
[-t TIMEOUT]
-h output this help text
@@ -55,6 +56,7 @@
-m amount of memory in MB (defaults to ${DEFAULT_RAM})
-g version of GIC (defaults to ${DEFAULT_GIC})
-G enable debugging of emulated system with GDB
+ -N disable protected KVM configuration
-t kill QEMU after given number of seconds
-K keep temp files
EOF
@@ -109,7 +111,7 @@
APPEND=()
EXTRA_RO_MOUNTS=()
-while getopts ":e:L:k:r:R:T:c:s:m:g:t:vGKh" OPT; do
+while getopts ":e:L:k:r:R:T:c:s:m:g:t:vGNKh" OPT; do
case "${OPT}" in
e) QEMU="${OPTARG}" ;;
L) ROM_DIR="${OPTARG}" ;;
@@ -124,6 +126,7 @@
t) TIMEOUT="${OPTARG}" ;;
v) VERBOSE=1 ;;
G) GDB=1 ;;
+ N) KVM_PROTECTED=0 ;;
K) KEEP_TEMP=1 ;;
h)
usage
@@ -182,6 +185,10 @@
APPEND+=(nokaslr)
fi
+if [ "${KVM_PROTECTED}" -eq 1 ]; then
+ APPEND+=(kvm-arm.protected=1)
+fi
+
CMD+=(-append "${APPEND[*]}")
if [ -n "${TEMPLATE}" ]; then
diff --git a/kvm-unit-tests/run_test.sh b/kvm-unit-tests/run_test.sh
index 3f5a95f..b7ca66d 100755
--- a/kvm-unit-tests/run_test.sh
+++ b/kvm-unit-tests/run_test.sh
@@ -21,6 +21,7 @@
default_var VERBOSE 0
default_var QUIET 0
default_var GDB 0
+default_var KVM_PROTECTED 1
default_var KERNEL ""
default_var TEST_PATH ""
default_var DISPLAY_NAME ""
@@ -47,16 +48,18 @@
-d Override test name displayed in result
-o Redirect stdout/stderr output to given file (implies -q)
-V Enable VHE configuration
+ -N Disable protected KVM configuration
-G Enable debugging of emulated system with GDB
EOF
}
-while getopts ":k:d:o:vVGqh" OPT; do
+while getopts ":k:d:o:vVNGqh" OPT; do
case "${OPT}" in
k) KERNEL="${OPTARG}" ;;
d) DISPLAY_NAME="${OPTARG}" ;;
v) VERBOSE=1 ;;
V) VHE=1 ;;
+ N) KVM_PROTECTED=0 ;;
q) QUIET=1 ;;
G) GDB=1 ;;
o)
@@ -108,6 +111,10 @@
CMD+=(-c "${CPU_NVHE}")
fi
+if [ "${KVM_PROTECTED}" -ne 1 ]; then
+ CMD+=(-N)
+fi
+
if [ -n "${KERNEL}" ]; then
CMD+=(-k "${KERNEL}")
fi