| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250926110254.55449-1-steven.price@arm.com> Date: Fri, 26 Sep 2025 12:02:49 +0100 From: Steven Price <steven.price@....com> To: kvm@...r.kernel.org, kvmarm@...ts.linux.dev Cc: Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>, Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu <yuzenghui@...wei.com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Joey Gouly <joey.gouly@....com>, Fuad Tabba <tabba@...gle.com>, linux-coco@...ts.linux.dev, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>, Gavin Shan <gshan@...hat.com>, Shanker Donthineni <sdonthineni@...dia.com>, Alper Gun <alpergun@...gle.com>, "Aneesh Kumar K . V" <aneesh.kumar@...nel.org>, Emi Kisanuki <fj0570is@...itsu.com>, Vishal Annapurve <vannapurve@...gle.com>, Steven Price <steven.price@....com> Subject: [RFC PATCH 0/5] Arm CCA planes support The Arm CCA (Confidential Compute Architecture) RMM version 1.1 specification[1] adds support for a concept of "planes". This allows a realm to be divided into multiple execution environments with memory separation between them (while still sharing the same IPA to PA translations). There's an overview on the Arm website[2]. The TF-RMM project[3] recently merged support for planes to their "main" branch and this an early preview of the corresponding Linux changes to support the feature. Note you need to enable the (experimental) RMM_V1_1 configuration option to enable this feature. This series is based on the v10 posting of the CCA host support series[4] and is also available as a git tree: https://gitlab.arm.com/linux-arm/linux-cca.git/ cca/planes/rfc-v1 A hacked up version of kvmtool to launch a realm guest with an extra plan is available here: https://gitlab.arm.com/linux-arm/kvmtool-cca.git/ cca/planes/rfc-v1 Note: The kvmtool support is a hack - it simply (unconditionally) enables a single extra plane (for a total of two planes: P0 and P1). This should obviously be a configuration option and should support other numbers of planes. But it gives an easy way of testing the support for auxiliary RTTs while running a single guest image (i.e. leaving P1 empty). This series was written against the RMM v1.1 alp14 specification. Those who are following things closely will know we're up to alp16, however there are no major changes affecting planes between these two versions. The spec is still alpha, so there may well be changes in the future. [1] https://developer.arm.com/-/cdn-downloads/permalink/Architectures/Armv9/DEN0137_1.1-alp14.zip [2] https://developer.arm.com/documentation/den0125/400/Arm-CCA-Extensions#md239-arm-cca-extensions__realm-planes [3] https://www.trustedfirmware.org/projects/tf-rmm/ [4] https://lore.kernel.org/r/20250820145606.180644-1-steven.price%40arm.com Steven Price (5): arm64: RME: Add SMC definitions introduced in RMM v1.1 arm64: RME: Handle auxiliary RTT trees arm64: RME: Support RMI_EXIT_S2AP_CHANGE arm64: rme: Allocate AUX RTT PGDs and VMIDs arm64: RME: Support num_aux_places & rtt_tree_pp realm parameters arch/arm64/include/asm/kvm_rme.h | 13 +- arch/arm64/include/asm/rmi_cmds.h | 1104 +++++++++++++++++++++++++++-- arch/arm64/include/asm/rmi_smc.h | 121 +++- arch/arm64/include/uapi/asm/kvm.h | 12 + arch/arm64/kvm/mmu.c | 15 +- arch/arm64/kvm/rme-exit.c | 33 +- arch/arm64/kvm/rme.c | 441 +++++++++++- 7 files changed, 1618 insertions(+), 121 deletions(-) -- 2.43.0
Powered by blists - more mailing lists