feat(opentmk): opentmk framework with first testcase (#1210)

OpenTMK framework for testing guest-based scenarios with a HCL.

The above diagram illustrates relation between abstract modules.

<img width="975" height="681" alt="image"
src="https://github.com/user-attachments/assets/fd35cf31-7de0-472c-8ab5-5d99591353d1"
/>

### UEFI Executor Design Decisions:
1.	Allocator
a. The allocator today switches between UEFI Runtime Allocator and
LockedHeapAllocator.
b. The decision to switch between the two allocator is to allow more
control over which sections of the memory map is for the heap, this is
helpful so that we know we are using a memory section which will not be
used by UEFI runtime services after exit boot services. Using the UEFI
allocator is important so that we can allocate any object before we call
main. If a panic occurs before main, we need to allocate strings in the
Panic handler. UEFI allocator can’t be used after exit boot services.
2.	Panic Handler
a. The panic handler today logs the panic info as string using the
logger module and then loops. The test driver is informed of the panic
and the test driver terminates the VM.
b.	Improvement planned to shutdown the VM.
c. Today we use our own interrupt handler, using ud2 causes an
fainterrupt but that does not cause a triple fault.
3.	Test Configuration Handler
a.	In scope for a task being tracked
### Platform Design Decisions
ARM64 implementation is a placeholder and out of scope, the work is
tacked by <ADO WI>. The work is mostly around implementing Interrupt
handling, VP bring up (just the implementation for default context), TPM
specific changes and end-to-end testing.
1.	HvCall
a. Platform/hyperv/arch houses all the modules which require a platform
specific implementation.
b. VTL calls/return need to be handled carefully, as many of the
general-purpose register values are not preserved across VTL switch. The
requires us to push all the values to stack before a switch and restore
back when we return. We also need to handle this carefully when VTL
switch happens because of secure intercepts.
c. Tests which require for secure intercepts to happen must use macro:
create_function_with_restore to isolate the violating function.
2.	Hyper-V platform test context implementation
a. Today we hardcode the value for how many VPs are present. Earlier I
had tried constructing the heuristics to read the CPU topology from
CPU-ID but they returned differently for Intel and AMD. I intend to use
ACPI table to construct this information/take the values as input in
test configuration in the next set of improvements.
b. The AP bring up in start_on_vp takes care of everything related to
enabling the VTLs and scheduling the VpExecutor object. Working on
changing the name as suggested in the PR. This change is mostly for
simplicity, for complex tests where the heuristic has to be tested for
boundary testing I recommend authoring a test with direct dependency on
platform and calling the hypercall interface (HvCall is a pub field in
HvTestCtx) without using the generic interface of the platform traits.
3.	X86_64 Interrupt Management
a. We depend on the x86_64 crate to provide structure and helpers, along
with x86-interrupt ABI.
b. Since custom ABI is a nightly feature, we keep the feature behind the
nightly feature flag.
c. We are tracking a task to move to naked functions as a part of the
improvements.
4.	TPM
a. We currently use a duplicated module of protocol module from tpm
crate, we can’t depend on tpm crate since it links to openssl which we
want to avoid, apart from that we we can’t readily move the protocol
because of some coupling between the protocol module and the errors
struct from tpm ref crate. I’ll work on decoupling the modules once we
are ok with other changes in this PR. I feel it may be better to take
the decoupling in a follow up PR, since there are a lot of changes in
this PR, isolating the PR to not touch TPM implementation will help
reduce risk of breaking anything in the TPM crate.
5.	Serial Port on AMD64
a. We have a separate implementation which is building on top of
minimal_rt, the major reasons are to facilitate multiple process writing
logs at the same time (by implementing locks) and to write to COM1/COM2
instead of the default COM3.

---------

Co-authored-by: Matt LaFayette (Kurjanowicz) <[email protected]>

Author: mayank-microsoft

Cargo.lock

@@ -3769,6 +3769,15 @@ dependencies = [
  "escape8259",
 ]
 
+[[package]]
+name = "linked_list_allocator"
+version = "0.10.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9afa463f5405ee81cdb9cc2baf37e08ec7e4c8209442b5d72c04cfb2cd6e6286"
+dependencies = [
+ "spinning_top",
+]
+
 [[package]]
 name = "linkme"
 version = "0.3.33"
@@ -4622,6 +4631,14 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "nostd_spin_channel"
+version = "0.0.0"
+dependencies = [
+ "spin 0.10.0",
+ "thiserror 2.0.16",
+]
+
 [[package]]
 name = "ntapi"
 version = "0.4.1"
@@ -5073,6 +5090,28 @@ dependencies = [
  "thiserror 2.0.16",
 ]
 
+[[package]]
+name = "opentmk"
+version = "0.0.0"
+dependencies = [
+ "bitfield-struct 0.11.0",
+ "cfg-if",
+ "hvdef",
+ "lazy_static",
+ "linked_list_allocator",
+ "log",
+ "memory_range",
+ "minimal_rt",
+ "nostd_spin_channel",
+ "serde",
+ "serde_json",
+ "spin 0.10.0",
+ "thiserror 2.0.16",
+ "uefi",
+ "x86_64",
+ "zerocopy 0.8.25",
+]
+
 [[package]]
 name = "openvmm"
 version = "0.0.0"
@@ -6844,6 +6883,18 @@ name = "spin"
 version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d5fe4ccb98d9c292d56fec89a5e07da7fc4cf0dc11e156b41793132775d3e591"
+dependencies = [
+ "lock_api",
+]
+
+[[package]]
+name = "spinning_top"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b9eb1a2f4c41445a3a0ff9abc5221c5fcd28e1f13cd7c0397706f9ac938ddb0"
+dependencies = [
+ "lock_api",
+]
 
 [[package]]
 name = "spki"
@@ -9445,6 +9496,12 @@ dependencies = [
  "vmsocket",
 ]
 
+[[package]]
+name = "volatile"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "442887c63f2c839b346c192d047a7c87e73d0689c9157b00b53dcc27dd5ea793"
+
 [[package]]
 name = "vpci"
 version = "0.0.0"
@@ -10178,6 +10235,18 @@ dependencies = [
  "tap",
 ]
 
+[[package]]
+name = "x86_64"
+version = "0.15.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f042214de98141e9c8706e8192b73f56494087cc55ebec28ce10f26c5c364ae"
+dependencies = [
+ "bit_field",
+ "bitflags 2.9.3",
+ "rustversion",
+ "volatile",
+]
+
 [[package]]
 name = "x86defs"
 version = "0.0.0"

Cargo.toml

@@ -47,6 +47,8 @@ members = [
   "vm/loader/igvmfilegen",
   "vm/vmgs/vmgs_lib",
   "vm/vmgs/vmgstool",
+  # opentmk
+  "opentmk",
 ]
 exclude = [
   "xsync",
@@ -126,6 +128,7 @@ mesh_rpc = { path = "support/mesh/mesh_rpc" }
 mesh_worker = { path = "support/mesh/mesh_worker" }
 mesh_tracing = { path = "support/mesh_tracing" }
 minircu = { path = "support/minircu" }
+nostd_spin_channel = { path = "support/nostd_spin_channel"}
 open_enum = { path = "support/open_enum" }
 openssl_kdf = { path = "support/openssl_kdf" }
 openssl_crypto_only = { path = "support/openssl_crypto_only" }
@@ -467,9 +470,11 @@ jiff = "0.2.14"
 kvm-bindings = "0.14.0"
 # Use of these specific REPO will go away when changes are taken upstream.
 landlock = "0.4.1"
+lazy_static = "1.4.0"
 libc = "0.2"
 libfuzzer-sys = "0.4"
 libtest-mimic = "0.8"
+linked_list_allocator = "0.10.5"
 linkme = "0.3.9"
 log = "0.4"
 loom = "0.7.2"
@@ -506,8 +511,8 @@ rusqlite = "0.37"
 rustc-hash = "2.1.1"
 rustyline = "17"
 seccompiler = "0.5"
-serde = "1.0.185"
-serde_json = "1.0"
+serde = { version = "1.0.185", default-features = false }
+serde_json = { version = "1.0", default-features = false }
 serde_yaml = "0.9"
 sha2 = { version = "0.10.8", default-features = false }
 shell-words = "1.1"
@@ -517,6 +522,7 @@ smallbox = "0.8"
 smallvec = "1.8"
 smoltcp = { version = "0.8", default-features = false }
 socket2 = "0.6"
+spin = "0.10.0"
 stackfuture = "0.3"
 static_assertions = "1.1"
 syn = "2"
@@ -544,6 +550,7 @@ windows = "0.62"
 windows-service = "0.8"
 windows-sys = "0.61"
 windows-version = "0.1.4"
+x86_64 = { version = "0.15.2", default-features = false }
 xshell = "=0.2.2" # pin to 0.2.2 to work around https://github.com/matklad/xshell/issues/63
 xshell-macros = "0.2"
 # We add the derive feature here since the vast majority of our crates use it.

flowey/flowey_cli/Cargo.toml

@@ -18,8 +18,8 @@ fs-err.workspace = true
 log.workspace = true
 parking_lot.workspace = true
 petgraph.workspace = true
-serde = { workspace = true, features = ["derive"] }
-serde_json = { workspace = true, features = ["raw_value"] }
+serde = { workspace = true, features = ["std", "derive"] }
+serde_json = { workspace = true, features = ["std", "raw_value"] }
 serde_yaml.workspace = true
 toml_edit = { workspace = true, features = ["serde"] }
 xshell.workspace = true

flowey/flowey_core/Cargo.toml

@@ -11,7 +11,7 @@ anyhow.workspace = true
 fs-err.workspace = true
 linkme.workspace = true
 serde = { workspace = true, features = ["derive"] }
-serde_json.workspace = true
+serde_json = { workspace = true, features = ["std"] }
 serde_yaml.workspace = true
 
 [dev-dependencies]

flowey/flowey_hvlite/Cargo.toml

@@ -17,7 +17,7 @@ vmm_test_images = { workspace = true, features = ["serde", "clap"] }
 anyhow.workspace = true
 clap = { workspace = true, features = ["derive"] }
 log.workspace = true
-serde.workspace = true
+serde = { workspace = true, features = ["std"] }
 target-lexicon = { workspace = true, features = ["serde_support"] }
 
 [lints]

flowey/flowey_lib_common/Cargo.toml

@@ -16,8 +16,8 @@ home.workspace = true
 log.workspace = true
 rlimit.workspace = true
 rustc-hash.workspace = true
-serde.workspace = true
-serde_json.workspace = true
+serde = { workspace = true, features = ["std"] }
+serde_json = { workspace = true, features = ["std"] }
 target-lexicon = { workspace = true, features = ["serde_support"] }
 toml_edit.workspace = true
 which.workspace = true

flowey/flowey_lib_hvlite/Cargo.toml

@@ -17,8 +17,8 @@ igvmfilegen_config.workspace = true
 anyhow.workspace = true
 fs-err.workspace = true
 log.workspace = true
-serde.workspace = true
-serde_json.workspace = true
+serde = { workspace = true, features = ["std"] }
+serde_json = { workspace = true, features = ["std"] }
 target-lexicon = { workspace = true, features = ["serde_support"] }
 which.workspace = true
 xshell.workspace = true

openhcl/openhcl_attestation_protocol/Cargo.toml

@@ -18,7 +18,7 @@ base64.workspace = true
 base64-serde.workspace = true
 hex.workspace = true
 serde = { workspace = true, features = ["derive"] }
-serde_json.workspace = true
+serde_json = { workspace = true, features = ["std"] }
 zerocopy.workspace = true
 
 [lints]

openhcl/underhill_attestation/Cargo.toml

@@ -28,8 +28,8 @@ base64.workspace = true
 base64-serde.workspace = true
 getrandom.workspace = true
 openssl.workspace = true
-serde.workspace = true
-serde_json.workspace = true
+serde = { workspace = true, features = ["std"] }
+serde_json = { workspace = true, features = ["std"] }
 static_assertions.workspace = true
 thiserror.workspace = true
 time = { workspace = true, features = ["macros"] }

openhcl/underhill_core/Cargo.toml

@@ -164,7 +164,7 @@ libc.workspace = true
 parking_lot.workspace = true
 serde = { workspace = true, features = ["derive"] }
 serde_helpers.workspace = true
-serde_json.workspace = true
+serde_json = { workspace = true, features = ["std"] }
 socket2.workspace = true
 thiserror = { workspace = true, features = ["std"] }
 time = { workspace = true, features = ["macros"] }