Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Deploying Core Components

To build a secure virtualization environment and to support isolated execution and secure boot for TEEs, the required software components must be deployed. This section describes how to deploy libvirt, QEMU, the host kernel, and EDK2.

Deploying libvirt

  1. Install the libvirt software of the openEuler 24.03 LTS SP2 source.
    1. View information about the libvirt software package in the system. 
      yum list | grep libvirt

    2. Install the libvirt software package whose version is 16 or later. 
      yum install -y libvirt
  2. Verify that the installed version contains the main command word for secure memory observability.
    virsh help | grep tmm

  3. If you need to input the dtb dump parameter when starting libvirt, modify the libvirt configuration to ensure that the QEMU startup user is the same as the current OS user.
    1. View the current user. 
      whoami

    2. Open the /etc/libvirt/qemu.conf file. 
      vim /etc/libvirt/qemu.conf
    3. Press i to enter the insert mode and change the values of user and group to root.

    4. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
    5. Check the libvirtd status. 
      systemctl status libvirtd
      If the libvirtd status is inactive, run the following command to start libvirtd. Otherwise, skip this step to step 3.f. 
      systemctl start libvirtd

    6. Reload the libvirtd configuration. 
      systemctl reload libvirtd

Deploying QEMU

  1. Check the QEMU version of the openEuler 24.03 LTS SP2 source. Ensure that the QEMU version is 37 or later.
    yum list | grep qemu

  2. Install the QEMU software of the openEuler 24.03 LTS SP2 source.
    yum install -y  qemu liburing-devel telnet

    The default QEMU path is /usr/libexec/qemu-kvm.

Deploying the Host Kernel

  1. Install the kernel of the openEuler 24.03 LTS SP2 source.
    1. View the kernel.aarch64 version of the openEuler 24.03 LTS SP2 source. 
      yum list | grep kernel.aarch64

    2. Install the kernel. 
      yum install -y kernel
  2. Add the boot parameter to the newly installed kernel.
    1. Open the grub.cfg file. 
      vim /boot/efi/EFI/openEuler/grub.cfg
    2. Press i to enter the insert mode and set the startup parameter virtcca_cvm_host to 1.

    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  3. After a system reboot, select the target kernel on the GRUB boot screen.

Deploying EDK2

  1. Install EDK2.
    1. View the edk2-aarch64 version of the openEuler 24.03 LTS SP2 source. 
      yum list | grep edk2-aarch64

    2. Install version 23 or later of edk2-aarch64. 
      yum install edk2-aarch64 -y
  2. After the installation is complete, view the edk2-aarch64 path.
    rpm -ql edk2-aarch64

  3. Set the size of the QEMU_EFI.fd file to a multiplier of 64 MB.
    fallocate -l $((64 * 1024 * 1024)) /usr/share/edk2/aarch64/QEMU_EFI.fd
Parent topic: Software Deployment