NOISSUE - Add HAL (#26)

* Add HAL

Signed-off-by: Drasko DRASKOVIC <[email protected]>

* Add Agent package in HAL

Signed-off-by: Drasko DRASKOVIC <[email protected]>

---------

Signed-off-by: Drasko DRASKOVIC <[email protected]>

hal/linux/Config.in

@@ -0,0 +1 @@
+source "$BR2_EXTERNAL_COCOS_PATH/package/agent/Config.in"

hal/linux/README.md

@@ -0,0 +1,14 @@
+# Hardware Abstraction Layer (HAL) for Confidential Computing
+Cocos HAL for Linux is framework for building custom in-enclave Linux distribution. 
+
+## Usage
+HAL uses [Buildroot](https://buildroot.org/)'s [_External Tree_ mechanism](https://buildroot.org/downloads/manual/manual.html#outside-br-custom) for building custom distro:
+
+```bash
+git clone [email protected]:ultravioletrs/cocos.git
+git clone [email protected]:buildroot/buildroot.git
+cd buildroot
+make BR2_EXTERNAL_COCOS_PATH=../cocos/hal/linux cocos_defconfig
+make menuconfig
+make
+```

hal/linux/board/cocos/linux.config

@@ -0,0 +1,62 @@
+CONFIG_SYSVIPC=y
+CONFIG_CGROUPS=y
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
+CONFIG_SMP=y
+CONFIG_HYPERVISOR_GUEST=y
+CONFIG_PARAVIRT=y
+CONFIG_NET=y
+CONFIG_PACKET=y
+CONFIG_UNIX=y
+CONFIG_INET=y
+# CONFIG_WIRELESS is not set
+CONFIG_PCI=y
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_BLK_DEV_SD=y
+CONFIG_SCSI_VIRTIO=y
+CONFIG_ATA=y
+CONFIG_ATA_PIIX=y
+CONFIG_NETDEVICES=y
+CONFIG_VIRTIO_NET=y
+CONFIG_NE2K_PCI=y
+CONFIG_8139CP=y
+# CONFIG_WLAN is not set
+CONFIG_INPUT_EVDEV=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_VIRTIO_CONSOLE=y
+CONFIG_HW_RANDOM_VIRTIO=m
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_MMIO=y
+CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
+CONFIG_EXT4_FS=y
+CONFIG_AUTOFS4_FS=y
+CONFIG_TMPFS=y
+CONFIG_TMPFS_POSIX_ACL=y
+CONFIG_UNWINDER_FRAME_POINTER=y
+
+###
+# AMD SEV-SNP
+###
+CONFIG_EFI=y
+CONFIG_EFI_STUB=y
+CONFIG_VIRT_DRIVERS=y
+CONFIG_LOCALVERSION_AUTO=n
+CONFIG_AMD_MEM_ENCRYPT=y
+CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n
+CONFIG_CRYPTO_AES=y
+CONFIG_SYSTEM_TRUSTED_KEYS=n
+CONFIG_SYSTEM_REVOCATION_KEYS=n
+CONFIG_MODULE_SIG_KEY=n
+CONFIG_SEV_GUEST=y
+CONFIG_IOMMU_DEFAULT_PASSTHROUGH=n
+CONFIG_PREEMPT_COUNT=n
+CONFIG_PREEMPT=n
+CONFIG_PREEMPT_DYNAMIC=n
+CONFIG_DEBUG_PREEMPT=n
+CONFIG_CGROUP_MISC=y
+CONFIG_X86_CPUID=y

hal/linux/board/cocos/post-build.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -u
+set -e
+
+# Add a console on tty1
+if [ -e ${TARGET_DIR}/etc/inittab ]; then
+    grep -qE '^tty1::' ${TARGET_DIR}/etc/inittab || \
+	sed -i '/GENERIC_SERIAL/a\
+tty1::respawn:/sbin/getty -L  tty1 0 vt100 # QEMU graphical window' ${TARGET_DIR}/etc/inittab
+fi

hal/linux/board/cocos/post-image.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+COCOS_BOARD_DIR="$(dirname "$0")"
+DEFCONFIG_NAME="$(basename "$2")"
+README_FILES="${COCOS_BOARD_DIR}/readme.txt"
+START_QEMU_SCRIPT="${BINARIES_DIR}/start-qemu.sh"
+
+if [[ "${DEFCONFIG_NAME}" =~ ^"cocos_*" ]]; then
+    # Not a Qemu defconfig, can't test.
+    exit 0
+fi
+
+# Search for "# qemu_*_defconfig" tag in all readme.txt files.
+# Qemu command line on multilines using back slash are accepted.
+# shellcheck disable=SC2086 # glob over each readme file
+QEMU_CMD_LINE="$(sed -r ':a; /\\$/N; s/\\\n//; s/\t/ /; ta; /# '"${DEFCONFIG_NAME}"'$/!d; s/#.*//' ${README_FILES})"
+
+if [ -z "${QEMU_CMD_LINE}" ]; then
+    # No Qemu cmd line found, can't test.
+    exit 0
+fi
+
+# Remove output/images path since the script will be in
+# the same directory as the kernel and the rootfs images.
+QEMU_CMD_LINE="${QEMU_CMD_LINE//output\/images\//}"
+
+# Remove -serial stdio if present, keep it as default args
+DEFAULT_ARGS="$(sed -r -e '/-serial stdio/!d; s/.*(-serial stdio).*/\1/' <<<"${QEMU_CMD_LINE}")"
+QEMU_CMD_LINE="${QEMU_CMD_LINE//-serial stdio/}"
+
+# Remove any string before qemu-system-*
+QEMU_CMD_LINE="$(sed -r -e 's/^.*(qemu-system-)/\1/' <<<"${QEMU_CMD_LINE}")"
+
+# Disable graphical output and redirect serial I/Os to console
+case ${DEFCONFIG_NAME} in
+  (qemu_sh4eb_r2d_defconfig|qemu_sh4_r2d_defconfig)
+    # Special case for SH4
+    SERIAL_ARGS="-serial stdio -display none"
+    ;;
+  (*)
+    SERIAL_ARGS="-nographic"
+    ;;
+esac
+
+sed -e "s|@SERIAL_ARGS@|${SERIAL_ARGS}|g" \
+    -e "s|@DEFAULT_ARGS@|${DEFAULT_ARGS}|g" \
+    -e "s|@QEMU_CMD_LINE@|${QEMU_CMD_LINE}|g" \
+    -e "s|@HOST_DIR@|${HOST_DIR}|g" \
+    <"${COCOS_BOARD_DIR}/start-qemu.sh.in" \
+    >"${START_QEMU_SCRIPT}"
+chmod +x "${START_QEMU_SCRIPT}"

hal/linux/board/cocos/readme.txt

@@ -0,0 +1,7 @@
+Run the emulation with:
+
+  qemu-system-x86_64 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=virtio,format=raw -append "rootwait root=/dev/vda console=tty1 console=ttyS0" -serial stdio -net nic,model=virtio -net user # cocos_defconfig
+
+Optionally add -smp N to emulate a SMP system with N CPUs.
+
+The login prompt will appear in the graphical window.

hal/linux/board/cocos/start-qemu.sh.in

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+BINARIES_DIR="${0%/*}/"
+# shellcheck disable=SC2164
+cd "${BINARIES_DIR}"
+
+mode_serial=false
+mode_sys_qemu=false
+while [ "$1" ]; do
+    case "$1" in
+    --serial-only|serial-only) mode_serial=true; shift;;
+    --use-system-qemu) mode_sys_qemu=true; shift;;
+    --) shift; break;;
+    *) echo "unknown option: $1" >&2; exit 1;;
+    esac
+done
+
+if ${mode_serial}; then
+    EXTRA_ARGS='@SERIAL_ARGS@'
+else
+    EXTRA_ARGS='@DEFAULT_ARGS@'
+fi
+
+if ! ${mode_sys_qemu}; then
+    export PATH="@HOST_DIR@/bin:${PATH}"
+fi
+
+exec @QEMU_CMD_LINE@ ${EXTRA_ARGS} "$@"

hal/linux/configs/cocos_defconfig

@@ -0,0 +1,45 @@
+# Architecture
+BR2_x86_64=y
+
+# System
+BR2_TARGET_GENERIC_HOSTNAME="cocos"
+BR2_TARGET_GENERIC_ISSUE="Welcome to Cocos"
+BR2_SYSTEM_DHCP="eth0"
+
+# Filesystem
+# BR2_TARGET_ROOTFS_TAR is not set
+BR2_TARGET_ROOTFS_CPIO=y
+BR2_TARGET_ROOTFS_CPIO_FULL=y
+BR2_TARGET_ROOTFS_CPIO_GZIP=y
+
+# Image
+BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_COCOS_PATH)/board/cocos/post-build.sh"
+
+# Image
+BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_COCOS_PATH)/board/cocos/post-image.sh"
+BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_DEFCONFIG)"
+
+# Linux headers same as kernel
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_6=y
+BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_5=y
+BR2_TOOLCHAIN_HEADERS_AT_LEAST_6_6=y
+BR2_TOOLCHAIN_HEADERS_LATEST=y
+BR2_TOOLCHAIN_HEADERS_AT_LEAST="6.6"
+
+# Kernel
+BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_CUSTOM_GIT=y
+BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/torvalds/linux.git"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="v6.6"
+BR2_LINUX_KERNEL_VERSION="v6.6"
+BR2_LINUX_KERNEL_PATCH=""
+BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_COCOS_PATH)/board/cocos/linux.config"
+BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
+
+# host-qemu for gitlab testing
+BR2_PACKAGE_HOST_QEMU=y
+BR2_PACKAGE_HOST_QEMU_SYSTEM_MODE=y
+
+# Python
+BR2_PACKAGE_PYTHON3=y

hal/linux/external.desc

@@ -0,0 +1,2 @@
+name: Cocos
+desc: External buildroot tree for Cocos AI

hal/linux/external.mk

@@ -0,0 +1 @@
+include $(sort $(wildcard $(BR2_EXTERNAL_COCOS_PATH)/package/*/*.mk))

hal/linux/package/agent/Config.in

@@ -0,0 +1,8 @@
+config BR2_PACKAGE_AGENT
+	bool "agent"
+	default y
+	help
+	  Confidential Computing Agent is a state machine capable of
+	  receiving data and algorithms, running computations, and 
+	  fetching the attestation report from within the 
+	  Confidential VM.

hal/linux/package/agent/agent.mk

@@ -0,0 +1,18 @@
+################################################################################
+#
+# Cocos AI Agent
+#
+################################################################################
+
+AGENT_VERSION = main
+AGENT_SITE = $(call github,ultravioletrs,cocos,$(AGENT_VERSION))
+
+define AGENT_BUILD_CMDS 	
+	$(MAKE) -C $(@D) agent
+endef
+
+define AGENT_INSTALL_TARGET_CMDS
+	cp $(@D)/build/cocos-agent $(TARGET_DIR)/bin
+endef
+
+$(eval $(golang-package))