Re: [PATCH v3 16/26] hw/arm/virt: Disable DTB randomness for confidentia

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 16/26] hw/arm/virt: Disable DTB randomness for confidentia

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH v3 16/26] hw/arm/virt: Disable DTB randomness for confidential VMs
Date:	Thu, 5 Dec 2024 23:03:40 +0100
User-agent:	Mozilla Thunderbird

On 25/11/24 20:56, Jean-Philippe Brucker wrote:

The dtb-randomness feature, which adds random seeds to the DTB, isn't
really compatible with confidential VMs since it randomizes the Realm
Initial Measurement. Enabling it is not an error, but it prevents
attestation. It also isn't useful to a Realm, which doesn't trust host
input.

Currently the feature is automatically enabled, unless the user disables
it on the command-line. Change it to OnOffAuto, and automatically
disable it for confidential VMs, unless the user explicitly enables it.

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
  docs/system/arm/virt.rst |  9 +++++----
  include/hw/arm/virt.h    |  2 +-
  hw/arm/virt.c            | 41 +++++++++++++++++++++++++---------------
  3 files changed, 32 insertions(+), 20 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v3 16/26] hw/arm/virt: Disable DTB randomness for confidential VMs, Philippe Mathieu-Daudé <=

Prev by Date: Re: [PATCH v3 08/26] hw/core/loader: Add ROM loader notifier
Next by Date: Re: [RFC PATCH v3 23/26] hw/tpm: Add TPM event log
Previous by thread: Re: [PATCH v3 08/26] hw/core/loader: Add ROM loader notifier
Next by thread: Re: [RFC PATCH v3 23/26] hw/tpm: Add TPM event log
Index(es):
- Date
- Thread