microsoft/openvmm
Publicmirrored fromhttps://github.com/microsoft/openvmmAvailable
Guide/src/dev_guide/getting_started/build_openhcl.md
170lines · modecode
| 1 | # Building OpenHCL |
| 2 | |
| 3 | **Prerequisites:** |
| 4 | |
| 5 | - [Getting started on Linux / WSL2](./linux.md). |
| 6 | |
| 7 | Reminder: OpenHCL cannot currently be built on Windows hosts! |
| 8 | |
| 9 | * * * |
| 10 | |
| 11 | An OpenHCL IGVM firmware image is composed of several distinct binaries and |
| 12 | artifacts. For example: the `openvmm_hcl` usermode binary, the OpenHCL boot |
| 13 | shim, the OpenHCL Linux kernel and initrd, etc.... |
| 14 | |
| 15 | Some of these components are built directly out of the OpenVMM repo, whereas |
| 16 | others must be downloaded as pre-built artifacts from other associated repos. |
| 17 | Various tools and scripts will then transform, package, and re-package these |
| 18 | artifacts into a final OpenHCL IGVM firmware binary. |
| 19 | |
| 20 | Fortunately, we don't expect you do to all those steps manually! |
| 21 | |
| 22 | All the complexity of installing the correct system dependencies, building the |
| 23 | right binaries, downloading the right artifacts, etc... is neatly encapsulated |
| 24 | behind a single `cargo xflowey build-igvm` command, which orchestrates the |
| 25 | entire end-to-end OpenHCL build process. |
| 26 | |
| 27 | Using the `build-igvm` flow is as simple as running: |
| 28 | |
| 29 | ```bash |
| 30 | cargo xflowey build-igvm [RECIPE] |
| 31 | ``` |
| 32 | |
| 33 | The first build will take some time as all the dependencies are |
| 34 | installed/downloaded/built. |
| 35 | |
| 36 | **Note: At this time, OpenHCL can only be built on Linux (or WSL2)!** |
| 37 | |
| 38 | A "recipe" corresponds to one of the pre-defined IGVM SKUs that are actively |
| 39 | supported and tested in OpenVMM's build infrastructure. |
| 40 | |
| 41 | A single recipe encodes _all_ the details of what goes into an individual IGVM |
| 42 | file, such as what build flags `openvmm_hcl` should be built with, what goes |
| 43 | into a VTL2 initrd, what `igvmfilegen` manifest is being used, etc... |
| 44 | |
| 45 | - e.g: `x64`, for a "standard" x64 IGVM |
| 46 | - e.g: `aarch64`, for a "standard" aarch64 IGVM |
| 47 | - e.g: `x64-cvm`, for a x64 CVM IGVM |
| 48 | - e.g: `x64-test-linux-direct`, for x64 IGVM booting a test linux direct image |
| 49 | - _for a full list of available recipes, please run `cargo xflowey build-igvm --help`_ |
| 50 | |
| 51 | New recipes can be added by modifying the `build-igvm` source code. |
| 52 | |
| 53 | Build output is then binplaced to: `flowey-out/artifacts/build-igvm/{release-mode}/{recipe}/openhcl-{recipe}.bin` |
| 54 | |
| 55 | So, for example: |
| 56 | |
| 57 | ```bash |
| 58 | cargo xflowey build-igvm x64-cvm |
| 59 | # output: flowey-out/artifacts/build-igvm/debug/x64-cvm/openhcl-x64-cvm.bin |
| 60 | |
| 61 | cargo xflowey build-igvm x64 --release |
| 62 | # output: flowey-out/artifacts/build-igvm/release/x64/openhcl-x64.bin |
| 63 | ``` |
| 64 | |
| 65 | ```admonish warning |
| 66 | `cargo xflowey build-igvm` is designed to be used as part of the |
| 67 | developer inner-loop, and does _NOT_ have a stable CLI suitable for CI or any |
| 68 | other form of production automation! |
| 69 | |
| 70 | In-tree pipelines and automation should interface with the underlying `flowey` |
| 71 | infrastructure that powers `cargo xflowey build-igvm`, _without_ relying on |
| 72 | the details of its CLI. |
| 73 | ``` |
| 74 | |
| 75 | ## Building ohcldiag-dev |
| 76 | |
| 77 | `ohcldiag-dev` is typically built as a Windows binary. |
| 78 | |
| 79 | This can be done directly from Windows, or using |
| 80 | [cross-compilation from WSL2](../getting_started/cross_compile.md). |
| 81 | |
| 82 | The command to build `ohcldiag-dev` is simply: |
| 83 | |
| 84 | ```sh |
| 85 | # you may need to run `rustup target add x86_64-pc-windows-msvc` first |
| 86 | cargo build -p ohcldiag-dev --target x86_64-pc-windows-msvc |
| 87 | ``` |
| 88 | |
| 89 | **Note:** Thanks to x86 emulation built into Windows, `ohcldiag-dev.exe` that is |
| 90 | built for x64 Windows will work on Aarch64 Windows as well. |
| 91 | |
| 92 | ## Troubleshooting |
| 93 | |
| 94 | This section documents some common errors you may encounter while building |
| 95 | OpenHCL. |
| 96 | |
| 97 | If you are still running into issues, consider filing an issue on the OpenVMM |
| 98 | GitHub Issue tracker. |
| 99 | |
| 100 | ### Help! The build failed due to a missing dependency |
| 101 | |
| 102 | If you don't mind having `xflowey` install some dependencies globally on your |
| 103 | machine (i.e: via `apt install`, or `rustup toolchain add`), you can pass |
| 104 | `--auto-install-deps` to your invocation of `build-igvm`. |
| 105 | |
| 106 | Alternatively - `build-igvm` _should_ emit useful human-readable error messages |
| 107 | when it encounters a dependency that isn't installed, with a suggestion on how |
| 108 | to install it. |
| 109 | |
| 110 | If it doesn't - please file an Issue! |
| 111 | |
| 112 | ### Help! Everything is rebuilding even though I only made a small change |
| 113 | |
| 114 | Cargo's target triple handling can be a bit buggy. Try running with: |
| 115 | |
| 116 | ```bash |
| 117 | CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu cargo build-igvm [RECIPE] |
| 118 | ``` |
| 119 | |
| 120 | or adding the below to your .bashrc: |
| 121 | |
| 122 | ```bash |
| 123 | export CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu |
| 124 | ``` |
| 125 | |
| 126 | ## Build Customization |
| 127 | |
| 128 | Aside from building IGVM files corresponding the the built-in IGVM recipes, |
| 129 | `build-igvm` also offers a plethora of customization options for developers who |
| 130 | wish to build specialized custom IGVM files for local testing. |
| 131 | |
| 132 | Some examples of potentially useful customization include: |
| 133 | |
| 134 | - `--override-manifest`: Override the recipe's `igvmfilegen` manifest file |
| 135 | via, in order to tweak different kernel command line options, different VTL0 |
| 136 | boot configuration, or different VTL2 memory sizes. |
| 137 | |
| 138 | - `--custom-openvmm-hcl`: Specify a pre-built `openvmm_hcl` binary. This is |
| 139 | useful in case you have already built it with some custom settings, e.g.: |
| 140 | |
| 141 | ```bash |
| 142 | cargo build --target x86_64-unknown-linux-musl -p openvmm_hcl --features myfeature |
| 143 | cargo xflowey build-igvm x64 --custom-openvmm-hcl target/x86_64-unknown-linux-musl/debug/openvmm_hcl |
| 144 | ``` |
| 145 | |
| 146 | - Specify a custom VTL2 kernel `vmlinux` / `Image`, instead of using a |
| 147 | pre-packed stable/dev kernel. |
| 148 | |
| 149 | ```bash |
| 150 | cargo xflowey build-igvm x64 --custom-kernel path/to/my/prebuilt/vmlinux |
| 151 | ``` |
| 152 | |
| 153 | For a full list of available customizations, refer to `build-igvm --help`. |
| 154 | |
| 155 | ### Advanced |
| 156 | |
| 157 | Depending on what you're doing, you may need to build the individual components |
| 158 | that go into an OpenHCL IGVM build. |
| 159 | |
| 160 | Our `flowey`-based pipelines handle the complexities of properly invoking and |
| 161 | orchestrating the various individual build tools / scripts used to construct |
| 162 | IGVM files, but a sufficiently motivated user can go through these steps |
| 163 | manually. |
| 164 | |
| 165 | Please consult the source code for `cargo xflowey build-igvm` for a breakdown of |
| 166 | all build steps and available customization options. |
| 167 | |
| 168 | Note that the canonical "source of truth" for how to build end-to-end OpenHCL |
| 169 | IGVM files are these build scripts themselves, and the specific flow is subject |
| 170 | to change over time! |
| 171 | |