tamago-sev-example/Makefile at main · usbarmory/tamago-sev-example · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# Copyright (c) The tamago-sev-example authors. All Rights Reserved.
#
# Use of this source code is governed by the license
# that can be found in the LICENSE file.

TAMAGO ?= $(shell go tool -n github.com/usbarmory/tamago/cmd/tamago)
BUILD_TAGS = linkcpuinit,linkramsize,linkramstart,linkprintk
SHELL = /bin/bash
APP ?= tamago-sev-example

IMAGE_BASE := 10000000
TEXT_START := $(shell echo $$((16#$(IMAGE_BASE) + 16#10000)))
LDFLAGS := -s -w -E cpuinit -T $(TEXT_START) -R 0x1000 -X 'main.Console=${CONSOLE}'
GOFLAGS := -tags ${BUILD_TAGS} -trimpath -ldflags "${LDFLAGS}"
GOENV := GOOS=tamago GOOSPKG=github.com/usbarmory/tamago GOARCH=amd64

OVMF ?= OVMF.amdsev.fd
OVMFCODE ?= OVMF_CODE.fd
LOG ?= qemu.log

SMP ?= 8
QEMU ?= qemu-system-x86_64 -machine q35,pit=off,pic=off \
        -m 4G -smp $(SMP) \
        -enable-kvm -cpu host,invtsc=on,kvmclock=on -no-reboot \
        -device pcie-root-port,port=0x10,chassis=1,id=pci.0,bus=pcie.0,multifunction=on,addr=0x3 \
        -device virtio-net-pci,netdev=net0,mac=42:01:0a:84:00:02,disable-modern=true -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
        -drive format=raw,file=fat:rw:$(CURDIR)/qemu-disk \
        -drive if=pflash,format=raw,readonly,file=$(OVMFCODE) \
        -global isa-debugcon.iobase=0x402 \
        -serial stdio -nographic -monitor none  \
        # -debugcon file:$(LOG)

# UEFI Simple Network Protocol not available
QEMU_SNP ?= qemu-system-x86_64 \
        -enable-kvm -cpu host,invtsc=on -smp $(SMP)  \
        -machine q35,confidential-guest-support=sev0,vmport=off,memory-backend=ram1 \
        -object memory-backend-memfd,id=ram1,size=4G,share=true,prealloc=false \
        -device pcie-root-port,port=0x10,chassis=1,id=pci.0,bus=pcie.0,multifunction=on,addr=0x3 \
        -device virtio-net-pci,netdev=net0,mac=42:01:0a:84:00:02 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
        -bios $(OVMF) -kernel $(APP).efi \
        -global isa-debugcon.iobase=0x402 \
        -serial stdio -nographic -monitor none \
        -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,policy=0x30000,kernel-hashes=on
        # -monitor unix:qemu-monitor-socket,server,nowait

# UEFI Simple Network Protocol available
QEMU_SNP_DISK ?= qemu-system-x86_64 \
        -enable-kvm -cpu host,invtsc=on -smp $(SMP) \
        -machine q35,confidential-guest-support=sev0,vmport=off,memory-backend=ram1 \
        -object memory-backend-memfd,id=ram1,size=4G,share=true,prealloc=false \
        -drive format=raw,file=fat:rw:$(CURDIR)/qemu-disk \
        -bios $(OVMF) \
        -global isa-debugcon.iobase=0x402 \
        -serial stdio -nographic -monitor none \
        -device virtio-net-pci,netdev=net0 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
        -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,policy=0x30000
        # -monitor unix:qemu-monitor-socket,server,nowait


.PHONY: clean

#### primary targets ####

all: $(APP).efi

elf: $(APP)

efi: $(APP).efi

qemu: $(APP).efi
	mkdir -p $(CURDIR)/qemu-disk/efi/boot && cp $(CURDIR)/$(APP).efi $(CURDIR)/qemu-disk/efi/boot/bootx64.efi
	$(QEMU)

qemu-snp: $(APP).efi
	mkdir -p $(CURDIR)/qemu-disk/efi/boot && cp $(CURDIR)/$(APP).efi $(CURDIR)/qemu-disk/efi/boot/bootx64.efi
	$(QEMU_SNP)

qemu-snp-disk: $(APP).efi
	mkdir -p $(CURDIR)/qemu-disk/efi/boot && cp $(CURDIR)/$(APP).efi $(CURDIR)/qemu-disk/efi/boot/bootx64.efi
	$(QEMU_SNP_DISK)

qemu-gdb: GOFLAGS := $(GOFLAGS:-w=)
qemu-gdb: GOFLAGS := $(GOFLAGS:-s=)
qemu-gdb: $(APP).efi
	mkdir -p $(CURDIR)/qemu-disk/efi/boot && cp $(CURDIR)/$(APP).efi $(CURDIR)/qemu-disk/efi/boot/bootx64.efi
	$(QEMU) -S -s

#### utilities ####

check_tamago:
	@if [ "${TAMAGO}" == "" ] || [ ! -f "${TAMAGO}" ]; then \
		echo 'You need to set the TAMAGO variable to a compiled version of https://github.com/usbarmory/tamago-go'; \
		exit 1; \
	fi

clean:
	@rm -fr $(APP) $(APP).efi $(CURDIR)/qemu-disk

#### dependencies ####

$(APP): check_tamago
	$(GOENV) $(TAMAGO) build $(GOFLAGS) -o ${APP}

$(APP).efi: $(APP)
	objcopy \
		--strip-debug \
		--output-target efi-app-x86_64 \
		--subsystem=efi-app \
		--image-base 0x$(IMAGE_BASE) \
		--stack=0x10000 \
		${APP} ${APP}.efi
	printf '\x26\x02' | dd of=${APP}.efi bs=1 seek=150 count=2 conv=notrunc,fsync # adjust Characteristics