| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240709120412.GE13242@willie-the-truck> Date: Tue, 9 Jul 2024 13:04:13 +0100 From: Will Deacon <will@...nel.org> To: Steven Price <steven.price@....com> Cc: kvm@...r.kernel.org, kvmarm@...ts.linux.dev, Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, James Morse <james.morse@....com>, Oliver Upton <oliver.upton@...ux.dev>, Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu <yuzenghui@...wei.com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Joey Gouly <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>, Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>, linux-coco@...ts.linux.dev, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com> Subject: Re: [PATCH v4 00/15] arm64: Support for running as a guest in Arm CCA Hi Steven, On Mon, Jul 01, 2024 at 10:54:50AM +0100, Steven Price wrote: > This series adds support for running Linux in a protected VM under the > Arm Confidential Compute Architecture (CCA). This has been updated > following the feedback from the v3 posting[1]. Thanks for the feedback! > Individual patches have a change log. But things to highlight: Hold onto your hat, I'm going to dust off our pKVM protected guest changes and see what we can share here! I've left a few comments on the series, but the main differences seem to be: - You try to probe really early - You have that horrible split IPA space thing from the RSI spec but some of the mechanisms are broadly similar (e.g. implementing the set_memory_*crypted() API). Hopefully I can give your GIC changes a spin, too. Just one minor (but probably annoying) comment: > arch/arm64/Kconfig | 3 + > arch/arm64/include/asm/fixmap.h | 2 +- > arch/arm64/include/asm/io.h | 8 +- > arch/arm64/include/asm/mem_encrypt.h | 17 ++ > arch/arm64/include/asm/pgtable-hwdef.h | 6 - > arch/arm64/include/asm/pgtable-prot.h | 3 + > arch/arm64/include/asm/pgtable.h | 13 +- > arch/arm64/include/asm/rsi.h | 64 ++++++ > arch/arm64/include/asm/rsi_cmds.h | 134 +++++++++++ > arch/arm64/include/asm/rsi_smc.h | 142 ++++++++++++ > arch/arm64/include/asm/set_memory.h | 3 + > arch/arm64/kernel/Makefile | 3 +- > arch/arm64/kernel/efi.c | 2 +- > arch/arm64/kernel/rsi.c | 104 +++++++++ > arch/arm64/kernel/setup.c | 8 + > arch/arm64/mm/init.c | 10 +- > arch/arm64/mm/pageattr.c | 76 ++++++- > drivers/firmware/psci/psci.c | 25 +++ > drivers/irqchip/irq-gic-v3-its.c | 142 +++++++++--- > drivers/virt/coco/Kconfig | 2 + > drivers/virt/coco/Makefile | 1 + > drivers/virt/coco/arm-cca-guest/Kconfig | 11 + > drivers/virt/coco/arm-cca-guest/Makefile | 2 + > .../virt/coco/arm-cca-guest/arm-cca-guest.c | 211 ++++++++++++++++++ > include/linux/psci.h | 5 + > 25 files changed, 953 insertions(+), 44 deletions(-) > create mode 100644 arch/arm64/include/asm/mem_encrypt.h > create mode 100644 arch/arm64/include/asm/rsi.h > create mode 100644 arch/arm64/include/asm/rsi_cmds.h > create mode 100644 arch/arm64/include/asm/rsi_smc.h > create mode 100644 arch/arm64/kernel/rsi.c > create mode 100644 drivers/virt/coco/arm-cca-guest/Kconfig > create mode 100644 drivers/virt/coco/arm-cca-guest/Makefile > create mode 100644 drivers/virt/coco/arm-cca-guest/arm-cca-guest.c Any chance of some documentation, please? Cheers, Will
Powered by blists - more mailing lists