[PATCH v2] KVM: arm64: Use different pointer authentication keys for pKVM
Oliver Upton
oliver.upton at linux.dev
Wed Jun 14 08:31:28 PDT 2023
On Wed, 14 Jun 2023 12:25:59 +0000, Mostafa Saleh wrote:
> When the use of pointer authentication is enabled in the kernel it
> applies to both the kernel itself as well as KVM's nVHE hypervisor. The
> same keys are used for both the kernel and the nVHE hypervisor, which is
> less than desirable for pKVM as the host is not trusted at runtime.
>
> Naturally, the fix is to use a different set of keys for the hypervisor
> when running in protected mode. Have the host generate a new set of keys
> for the hypervisor before deprivileging the kernel. While there might be
> other sources of random directly available at EL2, this keeps the
> implementation simple, and the host is trusted anyways until it is
> deprivileged.
>
> [...]
Applied to kvmarm/next, thanks!
[1/1] KVM: arm64: Use different pointer authentication keys for pKVM
https://git.kernel.org/kvmarm/kvmarm/c/8c15c2a02810
--
Best,
Oliver