Commit 048be5fe authored by Will Deacon, committed by Oliver Upton

KVM: arm64: Block unsafe FF-A calls from the host



When KVM is initialised in protected mode, we must take care to filter
certain FFA calls from the host kernel so that the integrity of guest
and hypervisor memory is maintained and is not made available to the
secure world.

As a first step, intercept and block all memory-related FF-A SMC calls
from the host to EL3 and don't advertise any FF-A features. This puts
the framework in place for handling them properly.

Co-developed-by: Andrew Walbran <qwandor@google.com>
Signed-off-by: Andrew Walbran <qwandor@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20230523101828.7328-2-will@kernel.org


Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
parent f1fcbaa1
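
The filtering policy the commit message describes, sketched as an added example (this is not the commit's code, whose diff is not shown on this page). Assumptions: the function IDs and the `FFA_ERROR`/`NOT_SUPPORTED` reply convention are taken from the Arm FF-A v1.0 specification, `struct smc_regs` and `host_ffa_filter()` are hypothetical names, and "don't advertise any FF-A features" is read as answering `FFA_FEATURES` with `NOT_SUPPORTED`.

```c
#include <stdbool.h>
#include <stdint.h>

/* Function IDs per the Arm FF-A v1.0 spec (assumed; the commit's own
 * definitions are not visible on this page). */
#define FFA_ERROR         0x84000060u
#define FFA_FEATURES      0x84000064u
#define FFA_RXTX_MAP      0x84000066u
#define FFA_RXTX_UNMAP    0x84000067u
#define FFA_MEM_DONATE    0x84000071u
#define FFA_MEM_FRAG_TX   0x8400007Bu
#define FFA_NOT_SUPPORTED (-1)

struct smc_regs { uint64_t x0, x1, x2, x3; };    /* hypothetical trap frame */

/* Fast call, owner = Standard Secure Service (4), function 0x60..0x7F. */
static bool is_ffa_call(uint32_t id)
{
    uint32_t fn = id & 0xFFFFu;
    return (id & 0x80000000u) && ((id >> 24) & 0x3Fu) == 4u &&
           fn >= 0x60u && fn <= 0x7Fu;
}

/* Memory-related: RX/TX buffer mapping and the FFA_MEM_* family. */
static bool is_ffa_mem_call(uint32_t id)
{
    uint32_t id32 = id & ~0x40000000u;           /* fold SMC64 onto SMC32 */
    return id32 == FFA_RXTX_MAP || id32 == FFA_RXTX_UNMAP ||
           (id32 >= FFA_MEM_DONATE && id32 <= FFA_MEM_FRAG_TX);
}

/* Returns true if the call was answered at EL2 (blocked); false means the
 * caller forwards the SMC to EL3 unchanged. */
bool host_ffa_filter(struct smc_regs *r)
{
    uint32_t id = (uint32_t)r->x0;

    if (!is_ffa_call(id))
        return false;                            /* not FF-A: pass through */
    if (id != FFA_FEATURES && !is_ffa_mem_call(id))
        return false;                            /* FF-A, not filtered here */

    r->x0 = FFA_ERROR;                           /* error reply to the host */
    r->x2 = (uint64_t)(int64_t)FFA_NOT_SUPPORTED; /* error code goes in w2 */
    return true;
}
```

Matching on the function number with the SMC64 bit folded away means the 64-bit variants of the memory calls cannot be used to step around the filter.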