[PATCH v12 00/46] arm64: Support for Arm CCA in KVM
Steven Price
steven.price at arm.com
Wed Dec 17 07:28:16 PST 2025
On 17/12/2025 14:55, Marc Zyngier wrote:
> On Wed, 17 Dec 2025 10:10:37 +0000,
> Steven Price <steven.price at arm.com> wrote:
>>
>> This series adds support for running protected VMs using KVM under the
>> Arm Confidential Compute Architecture (CCA). I've changed the uAPI
>> following feedback from Marc.
>>
>> The main change is that rather than providing a multiplex CAP and
>> expecting the VMM to drive the different stages of realm construction,
>> there's now just a minimal interface and KVM performs the necessary
>> operations when needed.
>
> What are the relevant patches? I'd rather not look at the non-2.0
> patches at all, given that they are pretty meaningless for KVM.
Sorry, I really should have included that in the cover letter.
Patch 6 defines the uAPI - so I'd welcome feedback on whether that is
now the right shape.
Patch 11 shows how the "first VCPU run" is handled with a hook in
kvm_arch_vcpu_run_pid_change() (similar to pKVM).
Patch 20 is implementation of the new populate ioctl.
Patch 21 handles the INIT_RIPAS by assuming that any memslot with gmem
is private and should be RIPAS_RAM.
Patch 27 handles the PSCI requests which is the other ioctl. No real
change from the previous posting, but it would be good to know if there
are any issues with the uAPI here.
I think other than those there's either very little change from the
previous series, or it's likely to change with RMM v2.0.
Thanks,
Steve
More information about the linux-arm-kernel
mailing list