PAuth (Pointer Authentication), a security feature in software, is
relevant for both KVM and QEMU. Relect this fact into the docs:
- For KVM, `pauth` is a binary, "on" vs "off" option. The host CPU
will choose the cryptographic algorithm.
- For TCG, however, along with `pauth`, a couple of properties can be
controlled -- they're are related to cryptographic algorithm choice.
Thanks to Peter Maydell and Marc Zyngier for explaining more about PAuth
on IRC (#qemu, OFTC).
Signed-off-by: Kashyap Chamarthy <kcham...@redhat.com>
---
docs/system/arm/cpu-features.rst | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index 78f18c87a81..7f99f7614b4 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -204,11 +204,26 @@ the list of KVM vCPU features and their descriptions.
the guest scheduler behavior and/or be exposed to the guest
userspace.
-TCG vCPU Features
-=================
+"PAuth" (Pointer Authentication)
+================================
+
+PAuth (Pointer Authentication) is a security feature in software that
+was introduced in Armv8.3-A and Armv9.0-A. It aims to protect against
+ROP (return-oriented programming) attacks.
+
+KVM
+---
+
+``pauth``
+
+ Enable or disable ``FEAT_Pauth``. The host silicon will choose the
+ cryptographic algorithm. No other properties can be controlled.
+
+TCG
+---
-TCG vCPU features are CPU features that are specific to TCG.
-Below is the list of TCG vCPU features and their descriptions.
+For TCG, along with ``pauth``, it is possible to control a few other
+properties of PAuth:
``pauth``
Enable or disable ``FEAT_Pauth`` entirely.
--
2.48.1
