QEMU update to version 6.2.0-94
- hw/arm/virt: Disable DTB randomness for confidential VMs Signed-off-by: liupingwei <liupingwei0317@outlook.com>
This commit is contained in:
tujipei
liupingwei
parent
894939f4aa
commit
c85e7c13d4
35
hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
Normal file
35
hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 2830db7bec600915e88bb22847a66d99b047a308 Mon Sep 17 00:00:00 2001
|
||||
From: liupingwei <liupingwei0317@outlook.com>
|
||||
Date: Mon, 17 Jun 2024 19:56:48 +0800
|
||||
Subject: [PATCH] hw/arm/virt:Disable DTB randomness for confidential VMs
|
||||
|
||||
The dtb-randomness feature,which adds random seeds to the DTB,isn't
|
||||
really compatible with confidential VMs since it randomizes the
|
||||
TMM.Enabling it is not an error,but it prevents attestation.It also
|
||||
isn't useful to TMM,which dosn't trust host input.
|
||||
|
||||
Fixes:12d0d099aecb("Add support for the virtcca cvm feature")
|
||||
|
||||
Signed-off-by: liupingwei <liupingwei0317@outlook.com>
|
||||
---
|
||||
hw/arm/virt.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
||||
index f20775f44c..e0de08e2c1 100644
|
||||
--- a/hw/arm/virt.c
|
||||
+++ b/hw/arm/virt.c
|
||||
@@ -261,7 +261,9 @@ static void create_fdt(VirtMachineState *vms)
|
||||
|
||||
/* /chosen must exist for load_dtb to fill in necessary properties later */
|
||||
qemu_fdt_add_subnode(fdt, "/chosen");
|
||||
- create_kaslr_seed(ms, "/chosen");
|
||||
+ if (!virtcca_cvm_enabled()) {
|
||||
+ create_kaslr_seed(ms, "/chosen");
|
||||
+ }
|
||||
|
||||
if (vms->secure) {
|
||||
qemu_fdt_add_subnode(fdt, "/secure-chosen");
|
||||
--
|
||||
2.31.1.windows.1
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: qemu
|
||||
Version: 6.2.0
|
||||
Release: 93
|
||||
Release: 94
|
||||
Epoch: 10
|
||||
Summary: QEMU is a generic and open source machine emulator and virtualizer
|
||||
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
|
||||
@ -968,6 +968,7 @@ Patch0953: Add-support-for-the-virtcca-cvm-feature.patch
|
||||
Patch0954: hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
|
||||
Patch0955: tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch
|
||||
Patch0956: cvm-bug-fix-for-macro-isolation.patch
|
||||
Patch0957: hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
|
||||
|
||||
BuildRequires: flex
|
||||
BuildRequires: gcc
|
||||
@ -1566,6 +1567,9 @@ getent passwd qemu >/dev/null || \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 18 2024 <liupingwei@huawei.com> - 10:6.2.0-94
|
||||
- hw/arm/virt: Disable DTB randomness for confidential VMs
|
||||
|
||||
* Sat Jun 15 2024 <fengjiabo1@huawei.com> - 10:6.2.0-93
|
||||
- cvm: bug-fix for macro isolation
|
||||
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fix CVE-2023-5088)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user