intel · ysun · May 31, 2024 · May 30, 2024
diff --git a/BM/tdx-guest/tdx_dep_check.sh b/BM/tdx-guest/tdx_dep_check.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/bash
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright (c) 2024 Intel Corporation
+
+# Author:   Hongyu Ning <[email protected]>
+#
+# History:  30, May., 2024 - Hongyu Ning - creation
+
+
+# @desc This script do basic TD dependency check in TDX host environment
+#       test binary is based msr-tools from OS distros
+
+###################### Variables ######################
+SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
+echo "$SCRIPT_DIR"
+source common.sh
+
+while getopts :t: arg; do
+  case $arg in
+    t)
+      DEP_CASE=$OPTARG
+      ;;
+    *)
+      test_print_err "Must supply an argument to -$OPTARG."
+      exit 1
+      ;;
+  esac
+done
+
+###################### Functions ######################
+seamrr_check() {
+  #SEAMRR represents SEAM Ranger Register, which is used by the BIOS 
+  #to help configure the SEAM memory range, where the TDX module is 
+  #loaded and executed
+  #bit 11 of IA32_SEAMRR_PHYS_MAS MSR is set, indicates SEAMRR is enabled correctly
+  #check on that could basically tell the HW support and enabling successfuly of TDX
+  if rdmsr 0x1401 -f 11:11 | grep 1; then
+    test_print_trc "SEAMRR enabled correctly for further TDX SW enabling."
+  else
+    die "SEAMRR check FAIL."
+    return 1
+  fi
+}
+
+tdx_parameter_check() {
+  #check if kernel module kvm_intel parameter tdx is Y
+  #if yes, it indicates tdx enabled correctly on host kernel
+  if [ -f "/sys/module/kvm_intel/parameters/tdx" ] && \
+    [ "$(cat /sys/module/kvm_intel/parameters/tdx)" = "Y" ]; then
+    test_print_trc "TDX enabled from host kernel KVM POV."
+  else
+    die "TDX kvm_intel module parameter check FAIL."
+    return 1
+  fi
+}
+
+tdx_module_check() {
+  #check if tdx module is enabled successfully
+  if [ -f "/sys/firmware/tdx/tdx_module/status" ] && \
+    [ "$(cat "/sys/firmware/tdx/tdx_module/status")" = "initialized" ]; then
+    test_print_trc "TDX module enabled successfully."
+  else
+    die "TDX module enable status check FAIL."
+    return 1
+  fi
+}
+
+qemu_tdx_cap_check() {
+  #check if qemu has TDX capability
+  if qemu-system-x86_64 -object help | grep -q "tdx-guest"; then
+    test_print_trc "QEMU has TDX capability."
+  else
+    test_print_wrn "default QEMU qemu-system-x86_64 does not have TDX capability."
+    test_print_wrn "if there is off-tree QEMU with TDX capability, please specify the path."
+    die "QEMU TDX capability check FAIL."
+    return 1
+  fi
+}
+
+virtual_bios_tdx_check() {
+  #no explicite way to check if virtual BIOS has TDX support
+  #simply check if any OVMF_*.fd file exists globaly
+  if find / -name "OVMF_*.fd" 2>/dev/null; then
+    test_print_trc "Virtual BIOS has TDX support."
+  else
+    test_print_wrn "can't find any OVMF EDK2 BIOS file, please check if virtual BIOS has TDX support."
+    die "Virtual BIOS TDX support check FAIL."
+    return 1
+  fi
+}
+
+mainline_kernel_check() {
+  #no explicite way to check if Kernel under use is from mainline or not
+  #simply check if kernel version contains "mainline" and greater then "5.10"
+  if uname -r | grep -q "mainline" && \
+    [ "$(uname -r | awk -F'.' '{print $1}')" -ge 5 ] && \
+    [ "$(uname -r | awk -F'.' '{print $2}')" -ge 10 ]; then
+    test_print_trc "Mainline kernel version is used."
+  else
+    test_print_wrn "Kernel version is not mainline or less than 5.10."
+    die "Mainline kernel version check FAIL."
+    return 1
+  fi
+}
+
+###################### Do Works ######################
+case "$DEP_CASE" in
+  hw_dep_check)
+    seamrr_check
+    ;;
+  other_dep_check1)
+    tdx_parameter_check
+    ;;
+  other_dep_check2)
+    tdx_module_check
+    ;;
+  other_dep_check3)
+    qemu_tdx_cap_check
+    ;;
+  other_dep_check4)
+    virtual_bios_tdx_check
+    ;;
+  other_warn_check)
+    mainline_kernel_check
+    ;;
+  :)
+    test_print_err "Must specify the attest case option by [-t]"
+    exit 1
+    ;;
+  \?)
+    test_print_err "Input test case option $DEP_CASE is not supported"
+    exit 1
+    ;;
+esac
diff --git a/BM/tdx-guest/guest-tests → BM/tdx-guest/tests b/BM/tdx-guest/guest-tests → BM/tdx-guest/tests
@@ -1,3 +1,19 @@
+# This file collects TDX guest (Trust Domain eXtensions) tests on
+# Intel® Architecture-based platforms.
+# @hw_dep: tdx_dep_check.sh -t hw_dep_check @SEAMRR not enabled, probably HW or BIOS can't support TDX
+# @other_dep: general_test.sh -t kconfig -k "CONFIG_INTEL_TDX_HOST=y"
+######## TDX Host Kernel module kvm_intel TDX enabling status check
+# @other_dep: tdx_dep_check.sh -t other_dep_check1 @host kernel kvm_intel has no TDX enabled
+######## TDX Module enabling status check
+# @other_dep: tdx_dep_check.sh -t other_dep_check2 @TDX module is not initialized or failed to initialize
+######## QEMU TDX capability check
+# @other_dep: tdx_dep_check.sh -t other_dep_check3 @QEMU has no tdx-guest capability, please make sure QEMU in use is TDX capable
+######## Virtual Firmware TDX capability check (OVMF EDK2 basic check, not 100% TDX capable guranateed)
+# @other_dep: tdx_dep_check.sh -t other_dep_check4 @OVMF EDK2 has no TDX capability, please make sure OVMF in use is TDX capable
+######## Host Kernel mainline version or not check, warn on some non-upstream complete feature 
+######## TCs failure expectation in case of non-mainline kernel
+# @other_warn: tdx_dep_check.sh -t other_warn_check @case info with [NA for upstream kernel] failed as expected
+
 # case implemented by tdx-guest_boot_check.sh
 # case info: TD VM booting test with vcpu 1 sockets 1 and memory size 1 GB
 ./guest-test/guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -e tdx-guest -f tdx -x TD_BOOT -c "accept_memory=lazy" -p off