1.. SPDX-License-Identifier: GPL-2.0 2 3====================== 4GenieZone Introduction 5====================== 6 7Overview 8======== 9GenieZone hypervisor (gzvm) is a type-I hypervisor that supports various virtual 10machine types and provides security features such as TEE-like scenarios and 11secure boot. It can create guest VMs for security use cases and has 12virtualization capabilities for both platform and interrupt. Although the 13hypervisor can be booted independently, it requires the assistance of GenieZone 14hypervisor kernel driver (also named gzvm) to leverage the ability of Linux 15kernel for vCPU scheduling, memory management, inter-VM communication and virtio 16backend support. 17 18Supported Architecture 19====================== 20GenieZone now only supports MediaTek ARM64 SoC. 21 22Features 23======== 24 25- vCPU Management 26 27 VM manager aims to provide vCPUs on the basis of time sharing on physical 28 CPUs. It requires Linux kernel in host VM for vCPU scheduling and VM power 29 management. 30 31- Memory Management 32 33 Direct use of physical memory from VMs is forbidden and designed to be 34 dictated to the privilege models managed by GenieZone hypervisor for security 35 reason. With the help of the gzvm module, the hypervisor is able to manipulate 36 memory as objects. 37 38- Virtual Platform 39 40 The gzvm hypervisor emulates a virtual mobile platform for guest OS running on 41 guest VM. The platform supports various architecture-defined devices, such as 42 virtual arch timer, GIC, MMIO, PSCI, and exception watching...etc. 43 44- Inter-VM Communication 45 46 Communication among guest VMs is provided mainly on RPC. More communication 47 mechanisms will be provided in the future based on VirtIO-vsock. 48 49- Device Virtualization 50 51 The solution is provided using the well-known VirtIO. The gzvm module redirects 52 MMIO traps back to VMM where the virtual devices are mostly emulated. 53 Ioeventfd is implemented using eventfd for signaling host VM that some IO 54 events in guest VMs need to be processed. 55 56- Interrupt virtualization 57 58 All interrupts during some guest VMs running are handled by GenieZone 59 hypervisor with the help of gzvm module, both virtual and physical ones. 60 In case there's no guest VM running, physical interrupts are handled by host 61 VM directly for performance reason. Irqfd is also implemented using eventfd 62 for accepting vIRQ requests in gzvm module. 63 64Platform architecture component 65=============================== 66 67- vm 68 69 The vm component is responsible for setting up the capability and memory 70 management for the protected VMs. The capability is mainly about the lifecycle 71 control and boot context initialization. And the memory management is highly 72 integrated with ARM 2-stage translation tables to convert VA to IPA to PA 73 under proper security measures required by protected VMs. 74 75- vcpu 76 77 The vcpu component is the core of virtualizing an aarch64 physical CPU, and it 78 controls the vCPU lifecycle including creating, running and destroying. 79 With self-defined exit handler, the vm component is able to act accordingly 80 before termination. 81 82- vgic 83 84 The vgic component exposes control interfaces to Linux kernel via irqchip, and 85 we intend to support all SPI, PPI, and SGI. When it comes to virtual 86 interrupts, the GenieZone hypervisor writes to list registers and triggers 87 vIRQ injection in guest VMs via GIC. 88