!967 QEMU update to version 6.2.0-94

From: @liu-pingwei 
Reviewed-by: @aven6 
Signed-off-by: @aven6
openeuler-ci-bot 2024-06-18 08:47:32 +00:00 committed by Gitee
commit 542c7c192d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 1 deletions


@ -0,0 +1,35 @@
From 2830db7bec600915e88bb22847a66d99b047a308 Mon Sep 17 00:00:00 2001
From: liupingwei <liupingwei0317@outlook.com>
Date: Mon, 17 Jun 2024 19:56:48 +0800
Subject: [PATCH] hw/arm/virt:Disable DTB randomness for confidential VMs
The dtb-randomness feature,which adds random seeds to the DTB,isn't
really compatible with confidential VMs since it randomizes the
TMM.Enabling it is not an error,but it prevents attestation.It also
isn't useful to TMM,which dosn't trust host input.
Fixes:12d0d099aecb("Add support for the virtcca cvm feature")
Signed-off-by: liupingwei <liupingwei0317@outlook.com>
---
hw/arm/virt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index f20775f44c..e0de08e2c1 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -261,7 +261,9 @@ static void create_fdt(VirtMachineState *vms)
/* /chosen must exist for load_dtb to fill in necessary properties later */
qemu_fdt_add_subnode(fdt, "/chosen");
- create_kaslr_seed(ms, "/chosen");
+ if (!virtcca_cvm_enabled()) {
+ create_kaslr_seed(ms, "/chosen");
+ }
if (vms->secure) {
qemu_fdt_add_subnode(fdt, "/secure-chosen");
--
2.31.1.windows.1
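Review bot: In the create_fdt hunk the new `if (!virtcca_cvm_enabled())` guard covers only the `create_kaslr_seed(ms, "/chosen")` call, while the trailing context immediately opens the `vms->secure` branch that adds `/secure-chosen`. Please confirm that no host-generated random value is written to the DTB on that path, or that it cannot be combined with a virtcca CVM; otherwise the attestation problem described in the commit message remains. A short comment above the guard stating that the seed is skipped because random DTB contents prevent attestation would help later readers, and the commit message would be clearer if "randomizes the TMM" named what is actually randomized.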


@ -3,7 +3,7 @@
Name: qemu
Version: 6.2.0
Release: 93
Release: 94
Epoch: 10
Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -968,6 +968,7 @@ Patch0953: Add-support-for-the-virtcca-cvm-feature.patch
Patch0954: hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
Patch0955: tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch
Patch0956: cvm-bug-fix-for-macro-isolation.patch
Patch0957: hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
BuildRequires: flex
BuildRequires: gcc
@ -1566,6 +1567,9 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
* Tue Jun 18 2024 <liupingwei@huawei.com> - 10:6.2.0-94
- hw/arm/virt: Disable DTB randomness for confidential VMs
* Sat Jun 15 2024 <fengjiabo1@huawei.com> - 10:6.2.0-93
- cvm: bug-fix for macro isolation
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fix CVE-2023-5088)