dc351cd685
- hw/arm/virt: Disable DTB randomness for confidential VMs Signed-off-by: liupingwei <liupingwei0317@outlook.com> (cherry picked from commit c85e7c13d4af40380dedc26c5412742c2c5ef36d)
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 2830db7bec600915e88bb22847a66d99b047a308 Mon Sep 17 00:00:00 2001
|
|
From: liupingwei <liupingwei0317@outlook.com>
|
|
Date: Mon, 17 Jun 2024 19:56:48 +0800
|
|
Subject: [PATCH] hw/arm/virt:Disable DTB randomness for confidential VMs
|
|
|
|
The dtb-randomness feature,which adds random seeds to the DTB,isn't
|
|
really compatible with confidential VMs since it randomizes the
|
|
TMM.Enabling it is not an error,but it prevents attestation.It also
|
|
isn't useful to TMM,which dosn't trust host input.
|
|
|
|
Fixes:12d0d099aecb("Add support for the virtcca cvm feature")
|
|
|
|
Signed-off-by: liupingwei <liupingwei0317@outlook.com>
|
|
---
|
|
hw/arm/virt.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
|
index f20775f44c..e0de08e2c1 100644
|
|
--- a/hw/arm/virt.c
|
|
+++ b/hw/arm/virt.c
|
|
@@ -261,7 +261,9 @@ static void create_fdt(VirtMachineState *vms)
|
|
|
|
/* /chosen must exist for load_dtb to fill in necessary properties later */
|
|
qemu_fdt_add_subnode(fdt, "/chosen");
|
|
- create_kaslr_seed(ms, "/chosen");
|
|
+ if (!virtcca_cvm_enabled()) {
|
|
+ create_kaslr_seed(ms, "/chosen");
|
|
+ }
|
|
|
|
if (vms->secure) {
|
|
qemu_fdt_add_subnode(fdt, "/secure-chosen");
|
|
--
|
|
2.31.1.windows.1
|
|
|