Add cca support #20
Add --enable-cca flag for the FVP AEMvA device. It sets the FVP model parameters needed for Realm Management Extension (RME).

When enabled:
- bp.secure_memory=0 and bp.has_rme=1 to use RME instead of TrustZone
- rme_support_level=2 and speculative execution restrictions on both clusters, required by RME
- brbe recording disabled to avoid conflicts with RME trace filtering
- SMMU root registers set for RME

Without this flag the FVP runs with bp.secure_memory=1 as before.

Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
QEMU SBSA does not support -kernel when pflash firmware is used. EDK2 needs to load the kernel from a FAT drive instead.

Add --enable-cca for qemu-arm64 that switches to sbsa-ref machine with RME CPU flags. Add --pflash for SBSA flash images. Create a FAT boot disk with kernel and startup.nsh for EDK2 UEFI shell.

Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
The for loop rendering tux_prompt items used Jinja2 whitespace
control ({%- endfor -%}) which stripped the trailing newline.
This caused the test section to be concatenated directly after
the last prompt item, producing invalid YAML like:
- "buildroot"- test:
Remove the whitespace control on endfor so each prompt gets
its own line and the test section starts on a new line.
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
| if enable_trustzone: | ||
| self.machine = f"{self.machine},secure=on" | ||
|
|
||
| if enable_cca: |
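Review bot: `if enable_cca:` appears as a second independent `if` right after the `enable_trustzone` branch, so with both flags set `,secure=on` is appended to `self.machine` and the CCA branch still runs. Nothing in the visible lines rejects the combination; validate the flags before this point and raise an argument error, or document which flag takes precedence.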
Two things I can see here: --pflash is required with --enable-cca; we need some validation here. Also, what if a user passes --enable-cca with --enable-trustzone? I noticed that CCA will silently overwrite sbsa-ref. I think it's the same issue with --enable-kvm; these should raise InvalidArgument when combined.
Also, we check the kernel, but not the pflash. Shouldn't there be pflash validation here?
Can we also include a QEMU CCA template?
| fat_img = tmpdir / "boot.img" | ||
| with open(fat_img, "wb") as f: | ||
| f.truncate(image.stat().st_size + 4 * 1024 * 1024) | ||
| subprocess.run(["mformat", "-i", str(fat_img), "::"], check=True) |
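Review bot: the `subprocess.run(["mformat", ...], check=True)` call assumes mtools is installed; when `mformat` is not on PATH it raises a bare FileNotFoundError instead of an error that names the missing tool. Look it up with `shutil.which("mformat")` before creating `boot.img` and fail with a clear message, and catch `subprocess.CalledProcessError` so a formatting failure is reported with its command. The `4 * 1024 * 1024` headroom in the `truncate` call would also read better as a named constant with a comment on why that size was chosen.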
How do we catch these errors when the tools are not found? I.e. it'll fall over with a confusing File Not Found Error.
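One way to do the up-front validation the review comments above ask for, written as an added example that is not tuxlava's own code. `validate_cca_options`, its parameters and the local `InvalidArgument` class are hypothetical stand-ins, and treating `--pflash` as a list of image paths is an assumption.

```python
import shutil
from pathlib import Path


class InvalidArgument(Exception):
    """Local stand-in for the project's argument error (assumed name)."""


def validate_cca_options(enable_cca, enable_trustzone=False, enable_kvm=False,
                         pflash=None, tools=("mformat",), which=shutil.which):
    """Fail fast, before any image is built or QEMU is started.

    Hypothetical helper: parameter names mirror the CLI flags on this page,
    pflash is assumed to be a list of image paths, and `which` is injectable
    so the tool lookup can be tested without mtools installed.
    Returns the pflash images as Path objects ([] when CCA is off).
    """
    if not enable_cca:
        return []

    # Reject combinations instead of letting one flag silently win.
    conflicts = [flag for flag, on in (("--enable-trustzone", enable_trustzone),
                                       ("--enable-kvm", enable_kvm)) if on]
    if conflicts:
        raise InvalidArgument(
            f"--enable-cca cannot be combined with {', '.join(conflicts)}")

    # Firmware is mandatory for the CCA path and must exist on disk.
    if not pflash:
        raise InvalidArgument("--enable-cca requires --pflash")
    images = [Path(p) for p in pflash]
    absent = [str(p) for p in images if not p.is_file()]
    if absent:
        raise InvalidArgument(f"pflash image not found: {', '.join(absent)}")

    # Check external tools up front so the user gets a clear message rather
    # than a bare FileNotFoundError from subprocess.run().
    missing = [t for t in tools if which(t) is None]
    if missing:
        raise InvalidArgument(
            f"FAT boot disk needs mtools; not on PATH: {', '.join(missing)}")
    return images
```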
Add --enable-cca to tuxlava. The flag enables Arm CCA / RME on FVP and qemu-arm64.