From be7029a438c791b93c729c58640ad760b39f0359 Mon Sep 17 00:00:00 2001
From: xiangchao-pub <1097798774@qq.com>
Date: Sat, 29 Nov 2025 15:29:51 +0800
Subject: [PATCH] add an operation of automatic replacing virtio_console module when vm starts to readme.md file
---
 trustzone-awared-vm/docs/README.md | 82 ++++++++++++++++--------------
 1 file changed, 44 insertions(+), 38 deletions(-)
diff --git a/trustzone-awared-vm/docs/README.md b/trustzone-awared-vm/docs/README.md
index a0dcb2b..1d77e36 100644
--- a/trustzone-awared-vm/docs/README.md
+++ b/trustzone-awared-vm/docs/README.md
@@ -1,10 +1,10 @@
 ## Host 环境搭建
 1. 安装依赖
-```shell
-yum install gcc patch make kernel-devel-$(uname -r) kernel-headers-$(uname -r) ninja-build
-yum install glib2 glib2-devel pixman-devel
-yum install openssl-devel
-```
+ ```shell
+ yum install gcc patch make kernel-devel-$(uname -r) kernel-headers-$(uname -r) ninja-build
+ yum install glib2 glib2-devel pixman-devel
+ yum install openssl-devel
+ ```
 2. `vtzb_proxy`编译
 ```shell
 git clone https://gitee.com/openeuler/tee-gp-proxy.git
@@ -12,15 +12,15 @@ yum install openssl-devel
 cp -rf libboundscheck tee-gp-proxy/trustzone-awared-vm/Host/vtzb_proxy
 ```
 1. 按实际串口数量修改`tee-gp-proxy/trustzone-awared-vm/Host/vtzb_proxy/serial_port.h`,一个VM对应一个虚拟串口
- ```
- #define SERIAL_PORT_NUM 15
- ```
+ ```
+ #define SERIAL_PORT_NUM 15
+ ```
 2. 编译
- ```shell
- cd tee-gp-proxy/trustzone-awared-vm/Host/vtzb_proxy
- make
- sudo cp ./vtz_proxy /usr/bin/vtz_proxy
- ```
+ ```shell
+ cd tee-gp-proxy/trustzone-awared-vm/Host/vtzb_proxy
+ make
+ sudo cp ./vtz_proxy /usr/bin/vtz_proxy
+ ```
 5. `tzdriver`和`client`编译安装
 1. 进入`itrustee_tzdriver`的根目录,补丁文件路径按照实际路径修改。
 1. ``` git am tee-gp-proxy/trustzone-awared-vm/Host/tzdriver-0001-support-virtual-machine.patch```
@@ -29,10 +29,10 @@ yum install openssl-devel
 3. 920 机型请参考[官方文档](https://www.hikunpeng.com/document/detail/zh/kunpengcctrustzone/trustzone/fg/kunpengtrustzone_20_0019.html)。
 4. 920 新型号请参考[官方文档](https://www.hikunpeng.com/document/detail/zh/kunpengcctrustzone/cca/devg/Kunpeng_ommercialcryptography_16_0015.html)
 5. 在`tzdriver`编译后,将`tzdriver.ko` 复制到指定目录
- ```bash
- mkdir -p "/lib/modules/$(uname -r)/kernel/drivers/trustzone/"
- cp tzdriver.ko /lib/modules/$(uname -r)/kernel/drivers/trustzone
- ```
+ ```bash
+ mkdir -p "/lib/modules/$(uname -r)/kernel/drivers/trustzone/"
+ cp tzdriver.ko /lib/modules/$(uname -r)/kernel/drivers/trustzone
+ ```
 ## qemu与虚机配置
 1. 获取`qemu v6.2.0`源码
@@ -65,14 +65,14 @@ yum install openssl-devel
 yum -y install edk2-aarch64.noarch libvirt
 ```
 2. 启动虚机
- ```shell
- systemctl start/restart libvirtd.service
- setenforce 0
- virsh define vm-libvirt.xml
- virsh start nvm-ta-1
- /* 若新安装,用VNC登录安装,注意打开端口防火墙 */
- iptables -I INPUT -p tcp –dport 5901 -j ACCEPT
- ```
+ ```shell
+ systemctl start/restart libvirtd.service
+ setenforce 0
+ virsh define vm-libvirt.xml
+ virsh start nvm-ta-1
+ /* 若新安装,用VNC登录安装,注意打开端口防火墙 */
+ iptables -I INPUT -p tcp –dport 5901 -j ACCEPT
+ ```
 9. 多虚机配置
 ```xml
@@ -87,9 +87,9 @@ yum install openssl-devel
 3. `name` 恒为`vtzf_serialport0`;
 ## VM环境搭建
 1. 安装依赖
-```shell
-yum install make kernel-devel-$(uname -r) kernel-headers-$(uname -r) git gcc openssl-devel
-```
+ ```shell
+ yum install make kernel-devel-$(uname -r) kernel-headers-$(uname -r) git gcc openssl-devel
+ ```
 1. 下载`tee-gp-proxy`仓库,其中包含`vtzdriver`与`virtio`(5.10内核)源码。
 ```
 git clone https://gitee.com/openeuler/tee-gp-proxy.git
@@ -103,21 +103,29 @@ yum install make kernel-devel-$(uname -r) kernel-headers-$(uname -r) git gcc ope
 3. 920 新型号请参考[官方文档](https://www.hikunpeng.com/document/detail/zh/kunpengcctrustzone/cca/devg/Kunpeng_ommercialcryptography_16_0015.html)
 3. 编译`virtio_console.ko`并加载(仅5.10内核需要执行此步骤)
 1. 编译`virtio_console` 并替换内核默认的`virtio_console`!
- ```
+ ```shell
 cd tee-gp-proxy/trustzone-awared-vm/VM/virtio/char
 make
- cp virtio_console.ko /lib/modules/$(uname -r)/kernel/drivers/char
- cd /lib/modules/$(uname -r)/kernel/drivers/char
- mv virtio_console.ko.xz virtio_console.ko.xz.back
- xz -k -9 ./virtio_console.ko
+ mkdir -p /lib/modules/$(uname -r)/kernel/drivers/trustzone
+ cp virtio_console.ko /lib/modules/$(uname -r)/kernel/drivers/trustzone
 rmmod virtio_console
- insmod /lib/modules/$(uname -r)/kernel/drivers/char/virtio_console.ko
+ insmod /lib/modules/$(uname -r)/kernel/drivers/trustzone/virtio_console.ko
 ```
-8. 编译`vtzdriver`并加载`vtzfdriver.ko`, `vtzfdriver`加载后不可卸载, 如需卸载请重启
+ 2. 设置虚机启动自动替换`virtio_console`模块
+ - 编辑`rc.local`文件
+ ```shell
+ vi /etc/rc.local
+ ```
+ - 在文件末尾添加如下内容
+
+ ```shell
+ rmmod virtio_console
+ insmod /lib/modules/$(uname -r)/kernel/drivers/trustzone/virtio_console.ko
+ ```
+5. 编译`vtzdriver`并加载`vtzfdriver.ko`, `vtzfdriver`加载后不可卸载, 如需卸载请重启
 ```bash
 cd tee-gp-proxy/trustzone-awared-vm/VM/vtzdriver
 make
- mkdir -p /lib/modules/$(uname -r)/kernel/drivers/trustzone
 cp vtzfdriver.ko /lib/modules/$(uname -r)/kernel/drivers/trustzone
 insmod /lib/modules/$(uname -r)/kernel/drivers/trustzone/vtzfdriver.ko
 ```
@@ -134,8 +142,6 @@ nohup /usr/bin/vtz_proxy &
 ```
 #### 在`VM`中需要执行以下命令
 ```shell
-rmmod virtio_console #仅5.10内核需要执行此步骤
-insmod /lib/modules/$(uname -r)/kernel/drivers/char/virtio_console.ko #仅5.10内核需要执行此步骤
 insmod /lib/modules/$(uname -r)/kernel/drivers/trustzone/vtzfdriver.ko
 nohup /usr/bin/teecd &
 ```
-- 
Gitee