Add command line options for controlling PKVM mode

The kernel will soon start requiring a command line flag to enable KVM
protected mode. This patch modifies the build scripts to start passing
it by default, as it will be our default mode of operation. Option -N is
provided to disable it.

Change-Id: Ibc815c0295687043175d470892c8266047f8c47a
diff --git a/aarch64/run_qemu.sh b/aarch64/run_qemu.sh
index 58d7b5a..b18ca42 100755
--- a/aarch64/run_qemu.sh
+++ b/aarch64/run_qemu.sh
@@ -16,19 +16,20 @@
 
 source "$(dirname "${BASH_SOURCE[0]}")/../common.inc"
 
-default_var QEMU	"${PREBUILTS_QEMU_BIN}"
-default_var ROM_DIR	"${PREBUILTS_QEMU_ROM_DIR}"
-default_var KERNEL	"${LINUX_OUT_IMAGE}"
-default_var ROOTFS	"${PREBUILTS_KUT_ROOTFS}"
-default_var TEMPLATE	""
-default_var CPU		"max"
-default_var SMP		2
-default_var RAM		512
-default_var GIC		3
-default_var GDB		0
-default_var VERBOSE	0
-default_var KEEP_TEMP	0
-default_var TIMEOUT	""
+default_var QEMU		"${PREBUILTS_QEMU_BIN}"
+default_var ROM_DIR		"${PREBUILTS_QEMU_ROM_DIR}"
+default_var KERNEL		"${LINUX_OUT_IMAGE}"
+default_var ROOTFS		"${PREBUILTS_KUT_ROOTFS}"
+default_var TEMPLATE		""
+default_var CPU			"max"
+default_var SMP			2
+default_var RAM			512
+default_var GIC			3
+default_var GDB			0
+default_var KVM_PROTECTED	1
+default_var VERBOSE		0
+default_var KEEP_TEMP		0
+default_var TIMEOUT		""
 
 KiB=1024
 MiB=$((1024 * KiB))
@@ -39,7 +40,7 @@
 
 Usage: $0 [-h] [-v] [-K]
        [-e QEMU] [-L ROM_DIR] [-k KERNEL] [-r ROOTFS] [-R DRIVE] [-T TEMPLATE]
-       [-c CPU] [-s NUM_CPUS] [-m MEM] [-g GIC] [-G]
+       [-c CPU] [-s NUM_CPUS] [-m MEM] [-g GIC] [-G] [-N]
        [-t TIMEOUT]
 
     -h    output this help text
@@ -55,6 +56,7 @@
     -m    amount of memory in MB (defaults to ${DEFAULT_RAM})
     -g    version of GIC (defaults to ${DEFAULT_GIC})
     -G    enable debugging of emulated system with GDB
+    -N    disable protected KVM configuration
     -t    kill QEMU after given number of seconds
     -K    keep temp files
 EOF
@@ -109,7 +111,7 @@
 APPEND=()
 EXTRA_RO_MOUNTS=()
 
-while getopts ":e:L:k:r:R:T:c:s:m:g:t:vGKh" OPT; do
+while getopts ":e:L:k:r:R:T:c:s:m:g:t:vGNKh" OPT; do
 	case "${OPT}" in
 	e)	QEMU="${OPTARG}"		;;
 	L)	ROM_DIR="${OPTARG}"		;;
@@ -124,6 +126,7 @@
 	t)	TIMEOUT="${OPTARG}"		;;
 	v)	VERBOSE=1			;;
 	G)	GDB=1				;;
+	N)	KVM_PROTECTED=0			;;
 	K)	KEEP_TEMP=1			;;
 	h)
 		usage
@@ -182,6 +185,10 @@
 	APPEND+=(nokaslr)
 fi
 
+if [ "${KVM_PROTECTED}" -eq 1 ]; then
+	APPEND+=(kvm-arm.protected=1)
+fi
+
 CMD+=(-append "${APPEND[*]}")
 
 if [ -n "${TEMPLATE}" ]; then
diff --git a/kvm-unit-tests/run_test.sh b/kvm-unit-tests/run_test.sh
index 3f5a95f..b7ca66d 100755
--- a/kvm-unit-tests/run_test.sh
+++ b/kvm-unit-tests/run_test.sh
@@ -21,6 +21,7 @@
 default_var VERBOSE		0
 default_var QUIET		0
 default_var GDB			0
+default_var KVM_PROTECTED	1
 default_var KERNEL		""
 default_var TEST_PATH		""
 default_var DISPLAY_NAME	""
@@ -47,16 +48,18 @@
     -d    Override test name displayed in result
     -o    Redirect stdout/stderr output to given file (implies -q)
     -V    Enable VHE configuration
+    -N    Disable protected KVM configuration
     -G    Enable debugging of emulated system with GDB
 EOF
 }
 
-while getopts ":k:d:o:vVGqh" OPT; do
+while getopts ":k:d:o:vVNGqh" OPT; do
 	case "${OPT}" in
 	k)	KERNEL="${OPTARG}"		;;
 	d)	DISPLAY_NAME="${OPTARG}"	;;
 	v)	VERBOSE=1			;;
 	V)	VHE=1				;;
+	N)	KVM_PROTECTED=0			;;
 	q)	QUIET=1				;;
 	G)	GDB=1				;;
 	o)
@@ -108,6 +111,10 @@
 	CMD+=(-c "${CPU_NVHE}")
 fi
 
+if [ "${KVM_PROTECTED}" -ne 1 ]; then
+	CMD+=(-N)
+fi
+
 if [ -n "${KERNEL}" ]; then
 	CMD+=(-k "${KERNEL}")
 fi