[PATCH v2] KVM: arm64: Use different pointer authentication keys for pKVM

Oliver Upton oliver.upton at linux.dev
Wed Jun 14 08:31:28 PDT 2023


On Wed, 14 Jun 2023 12:25:59 +0000, Mostafa Saleh wrote:
> When the use of pointer authentication is enabled in the kernel it
> applies to both the kernel itself as well as KVM's nVHE hypervisor. The
> same keys are used for both the kernel and the nVHE hypervisor, which is
> less than desirable for pKVM as the host is not trusted at runtime.
> 
> Naturally, the fix is to use a different set of keys for the hypervisor
> when running in protected mode. Have the host generate a new set of keys
> for the hypervisor before deprivileging the kernel. While there might be
> other sources of random directly available at EL2, this keeps the
> implementation simple, and the host is trusted anyways until it is
> deprivileged.
> 
> [...]

Applied to kvmarm/next, thanks!

[1/1] KVM: arm64: Use different pointer authentication keys for pKVM
      https://git.kernel.org/kvmarm/kvmarm/c/8c15c2a02810

--
Best,
Oliver


