[PULL 01/31] hw/arm/virt: Check for attempt to use TrustZone with KVM or
From: Peter Maydell
Subject: [PULL 01/31] hw/arm/virt: Check for attempt to use TrustZone with KVM or HVF
Date: Thu, 21 Apr 2022 12:18:16 +0100
It's not possible to provide the guest with the Security extensions
(TrustZone) when using KVM or HVF, because the hardware
virtualization extensions don't permit running EL3 guest code.
However, we weren't checking for this combination, with the result
that QEMU would assert if you tried it:
    $ qemu-system-aarch64 -enable-kvm -machine virt,secure=on -cpu host -display none
    Unexpected error in object_property_find_err() at ../../qom/object.c:1304:
    qemu-system-aarch64: Property 'host-arm-cpu.secure-memory' not found
    Aborted
Check for this combination of options and report an error, in the
same way we already do for attempts to give a KVM or HVF guest the
Virtualization or MTE extensions. Now we will report:
    qemu-system-aarch64: mach-virt: KVM does not support providing Security extensions (TrustZone) to the guest CPU
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/961
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220404155301.566542-1-peter.maydell@linaro.org
---
hw/arm/virt.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 9284f7d28e6..bb6a2484d81 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2048,6 +2048,13 @@ static void machvirt_init(MachineState *machine)
exit(1);
}
+ if (vms->secure && (kvm_enabled() || hvf_enabled())) {
+ error_report("mach-virt: %s does not support providing "
+ "Security extensions (TrustZone) to the guest CPU",
+ kvm_enabled() ? "KVM" : "HVF");
+ exit(1);
+ }
+
if (vms->virt && (kvm_enabled() || hvf_enabled())) {
error_report("mach-virt: %s does not support providing "
"Virtualization extensions to the guest CPU",
--
2.25.1