Device Assignment Enabled RME Stack on QEMU

Release Notes

  1. Instructions provided herein replicate the demonstration depicted in Soby’s original email, using QEMU as an emulator rather than the FVP model. The latest revision is alp12.

  2. In a Realm, moving the assigned device to the LOCKED state will generate error messages related to protection on address ranges. This is expected and caused by device emulation with the SPDM library. It does not affect the TDISP state machine.

  3. QEMU implements the basic Integrity & Data encryption (IDE) interface needed by this demonstration.

  4. Only a single assigned device is currently supported.

  5. All measurement tools such as cca-workload-attestation will not work properly. All efforts are currently focused on making device assignment (DA) work on QEMU.

Initial Environment Setup

$ mkdir alp12-qemu
$ cd alp12-qemu
$ mkdir workspace
$ git clone https://git.codelinaro.org/linaro/dcap/shrinkwrap.git -b alp12
$ export PATH=$PWD/shrinkwrap/shrinkwrap:$PATH
$ export WORKSPACE=$PWD/workspace
$ export SHRINKWRAP_BUILD=$PWD/workspace
$ export SHRINKWRAP_PACKAGE=$PWD/workspace/package

Compile the Project

The first time the project is built, all the source trees need to be synced:

$ shrinkwrap build cca-3world.yaml --overlay=qemu/cca_da.yaml --overlay=buildroot-cca.yaml

On subsequent iterations, shrinkwrap will automatically re-sync the whole project. To avoid a lengthy turnaround time, use the --no-sync-all option:

$ shrinkwrap build cca-3world.yaml --overlay=qemu/cca_da.yaml --overlay=buildroot-cca.yaml --no-sync-all

Run the Project

Start an SPDM Responder

Every time an RME system emulation is started, i.e. a host, an SPDM responder is needed. In a separate shell, make your way to the SPDM responder build directory and start an instance.

$ pwd
alp12-qemu
$ cd workspace/build/cca-3world/spdm-emu/bin/
$ ./spdm_responder_emu --trans PCI_DOE --slot_count 1

Start a Host System Emulation

In the same shell that was used to compile the project, start a host system emulation. It should take less than 20 seconds to get to a command line prompt.

$ pwd
alp12-qemu
$ shrinkwrap run cca-3world.yaml
...
...
Welcome to Buildroot
buildroot login: (root)

The device to be assigned to the Realm is a SATA controller:

$ lspci
01:00.0 SATA controller: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] (rev 02) (prog-if 01 [AHCI 1.0])
    Subsystem: Red Hat, Inc. QEMU Virtual Machine
    Flags: bus master, fast devsel, latency 0, IRQ 22, IOMMU group 5
    I/O ports at 1000 [size=32]
    Memory at 81000000 (32-bit, non-prefetchable) [size=4K]
    Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit+
    Capabilities: [a8] SATA HBA v1.0
    Capabilities: [40] Express Endpoint, IntMsgNum 0
    Capabilities: [100] Data Object Exchange
    Capabilities: [118] Integrity & Data Encryption
    Kernel driver in use: ahci

Prepare the SATA controller for assignment to the Realm

echo 0000:01:00.0 > /sys/bus/pci/devices/0000:01:00.0/driver/unbind
echo vfio-pci > /sys/bus/pci/devices/0000:01:00.0/driver_override
echo 0000:01:00.0 > /sys/bus/pci/drivers_probe
echo 1 > /sys/bus/pci/devices/0000:01:00.0/tsm/connect
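
The same host-side preparation wrapped with pre-flight checks, as an added example that is not part of the original instructions: it proceeds only when the `lspci -v` text lists both the Data Object Exchange and Integrity & Data Encryption capabilities, and it stops at the first sysfs write that fails. The function names and the `SYSFS_PCI` override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original instructions.
# SYSFS_PCI and both function names are assumptions of this example.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci}"

# Read `lspci -v` text on stdin; succeed only if the device lists both the
# DOE and IDE capabilities that appear in the lspci output above.
has_da_caps() {
    caps=$(cat)
    case $caps in
        *"] Data Object Exchange"*) ;;
        *) echo "missing Data Object Exchange capability" >&2; return 1 ;;
    esac
    case $caps in
        *"] Integrity & Data Encryption"*) ;;
        *) echo "missing Integrity & Data Encryption capability" >&2; return 1 ;;
    esac
}

# Perform the four sysfs writes for one device (BDF such as 0000:01:00.0),
# stopping with a distinct status at the first step that fails.
prepare_for_realm() {
    bdf=$1
    dev="$SYSFS_PCI/devices/$bdf"
    [ -d "$dev" ] || { echo "$bdf: no such PCI device" >&2; return 2; }
    # Unbind only when a driver currently owns the device.
    if [ -e "$dev/driver" ]; then
        echo "$bdf" > "$dev/driver/unbind" || return 3
    fi
    echo vfio-pci > "$dev/driver_override" || return 4
    echo "$bdf" > "$SYSFS_PCI/drivers_probe" || return 5
    # The connect attribute must exist before it can be written.
    [ -e "$dev/tsm/connect" ] || { echo "$bdf: tsm/connect not present" >&2; return 6; }
    echo 1 > "$dev/tsm/connect" || return 7
}

# Stand-alone use: ./prepare.sh 0000:01:00.0
if [ "$#" -eq 1 ]; then
    lspci -v -s "$1" | has_da_caps && prepare_for_realm "$1"
fi
```
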

Start a Realm

Start a Realm with the SATA controller as an assigned device. Reaching the Realm’s command line should take between 20 and 40 seconds.

# cd /mnt
# lkvm run --realm --in-kernel-smccc --firmware KVMTOOL_EFI.fd -c 2 -m 256 --no-pvtime --force-pci --disk guest-disk.img --measurement-algo=sha256 --vfio-secure-pci 0000:01:00.0
...
...
Welcome to Buildroot
buildroot login: (root)

Complete the TDISP workflow

Complete the TDISP workflow by unbinding the device and moving it through the CONNECT, LOCKED and RUN steps, which the commands below do in that order.

echo 0000:00:00.0 > /sys/bus/pci/devices/0000:00:00.0/driver/unbind
echo 1 > /sys/bus/pci/devices/0000:00:00.0/tsm/connect
echo 3 > /sys/bus/pci/devices/0000:00:00.0/tsm/connect
echo 4 > /sys/bus/pci/devices/0000:00:00.0/tsm/connect

  1. Putting the device in the LOCKED state (line 3) may generate an unaligned exception.

  2. Putting the device in the RUN state (line 4) will generate errors such as:

"[ 63.389598] pci 0000:00:00.0: failed to set protection attributes for the address range"

This is caused by the SPDM library used by the SPDM responder not being fully integrated with QEMU, making it impossible for TDISP's DEVICE_INTERFACE_REPORT message to contain accurate information about the mapping of the BAR areas.