Re: [PATCH] hw/arm: add control knob to disable kaslr_seed via DTB

From: Heinrich Schuchardt
Subject: Re: [PATCH] hw/arm: add control knob to disable kaslr_seed via DTB
Date: Thu, 16 Dec 2021 18:10:08 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

On 12/15/21 13:09, Alex Bennée wrote:
Generally a guest needs an external source of randomness to properly
enable things like address space randomisation. However in a trusted
boot environment where the firmware will cryptographically verify
components having random data in the DTB will cause verification to
fail. Add a control knob so we can prevent this being added to the
system DTB.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jerome Forissier <jerome@forissier.org>
  docs/system/arm/virt.rst |  7 +++++++
  include/hw/arm/virt.h    |  1 +
  hw/arm/virt.c            | 32 ++++++++++++++++++++++++++++++--
  3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 850787495b..c86a4808df 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -121,6 +121,13 @@ ras
    Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
    using ACPI and guest external abort exceptions. The default is off.
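
Review bot: the seven lines this hunk adds after the ``ras`` entry (per the `@@ -121,6 +121,13 @@` header) should state the new knob's default explicitly, as ``ras`` does with "The default is off", and should say that turning the seed off removes the DTB randomness the commit message says a guest needs for address space randomisation, so the setting is meant only for boots where firmware verifies the DTB. The added lines are not visible in this quote, so check the wording against the full patch.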

Tested on top of QEMU v6.1.0

Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
