From 2830db7bec600915e88bb22847a66d99b047a308 Mon Sep 17 00:00:00 2001
From: liupingwei
Date: Mon, 17 Jun 2024 19:56:48 +0800
Subject: [PATCH] hw/arm/virt:Disable DTB randomness for confidential VMs

The dtb-randomness feature,which adds random seeds to the DTB,isn't really compatible with confidential VMs since it randomizes the TMM.Enabling it is not an error,but it prevents attestation.It also isn't useful to TMM,which dosn't trust host input.

Fixes:12d0d099aecb("Add support for the virtcca cvm feature")
Signed-off-by: liupingwei
---
 hw/arm/virt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index f20775f44c..e0de08e2c1 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -261,7 +261,9 @@ static void create_fdt(VirtMachineState *vms)
     /* /chosen must exist for load_dtb to fill in necessary properties later */
     qemu_fdt_add_subnode(fdt, "/chosen");
-    create_kaslr_seed(ms, "/chosen");
+    if (!virtcca_cvm_enabled()) {
+        create_kaslr_seed(ms, "/chosen");
+    }
     if (vms->secure) {
         qemu_fdt_add_subnode(fdt, "/secure-chosen");
-- 
2.31.1.windows.1
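Review bot: The new `if (!virtcca_cvm_enabled())` guard around `create_kaslr_seed(ms, "/chosen")` carries no comment, so a reader of create_fdt sees the seed silently dropped for cVMs with nothing to say this is an attestation requirement rather than an oversight; the rationale lives only in the commit message. I would put above the guard: `/* A host-chosen random seed in the DTB would alter a confidential VM's initial measurement and break attestation, and the guest does not trust host-supplied entropy anyway. */`. The `/secure-chosen` branch that starts on the hunk's last line is cut off here; if it also calls create_kaslr_seed(), as the `/chosen` path did, it presumably needs the same guard for the same reason, which is worth confirming. The commit message speaks of the dtb-randomness "feature", but in this hunk the seed was emitted unconditionally, so there may be no user-facing knob whose silent override needs a warning; if such a property does exist in this tree, a warn_report() when it is set alongside a cVM would be friendlier than a silent no-op. create_fdt begins and ends outside the hunk.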