[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH 04/16] hw/arm/virt: Add support for Arm RME
|
From: |
Jean-Philippe Brucker |
|
Subject: |
Re: [RFC PATCH 04/16] hw/arm/virt: Add support for Arm RME |
|
Date: |
Wed, 8 Feb 2023 12:08:23 +0000 |
On Fri, Jan 27, 2023 at 11:07:35AM -1000, Richard Henderson wrote:
> > + /*
> > + * Since the devicetree is included in the initial measurement, it must
> > + * not contain random data.
> > + */
> > + if (virt_machine_is_confidential(vms)) {
> > + vms->dtb_randomness = false;
> > + }
>
> This property is default off, and the only way it can be on is user
> argument. This should be an error, not a silent disable.
This one seems to default to true in virt_instance_init(), and I did need
to disable it in order to get deterministic measurements. Maybe I could
throw an error only when the user attempts to explicitly enables it.
> > + if (virt_machine_is_confidential(vms)) {
> > + /*
> > + * The host cannot write into a confidential guest's memory until
> > the
> > + * guest shares it. Since the host writes the pvtime region before
> > the
> > + * guest gets a chance to set it up, disable pvtime.
> > + */
> > + steal_time = false;
> > + }
>
> This property is default on since 5.2, so falls into a different category.
> Since 5.2 it is auto-on for 64-bit guests. Since it's auto-off for 32-bit
> guests, I don't see a problem with it being auto-off for RME guests.
>
> I do wonder if we should change it to an OnOffAuto property, just to catch
> silly usage.
I'll look into that
Thanks,
Jean
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [RFC PATCH 04/16] hw/arm/virt: Add support for Arm RME,
Jean-Philippe Brucker <=