Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-02 Thread Philippe Mathieu-Daudé
On 2/2/21 2:47 PM, Peter Maydell wrote: > On Tue, 2 Feb 2021 at 13:29, Philippe Mathieu-Daudé wrote: >> >> On 2/2/21 1:28 PM, Peter Maydell wrote: >>> At the moment we can reasonably >>> say "only the 'virt' board and one of the Xilinx boards are >>> security-critical". >> >> What about the SBSA-r

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-02 Thread Peter Maydell
On Tue, 2 Feb 2021 at 13:29, Philippe Mathieu-Daudé wrote: > > On 2/2/21 1:28 PM, Peter Maydell wrote: > > At the moment we can reasonably > > say "only the 'virt' board and one of the Xilinx boards are > > security-critical". > > What about the SBSA-ref? It doesn't work with KVM, and enforces it

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-02 Thread Philippe Mathieu-Daudé
On 2/2/21 1:28 PM, Peter Maydell wrote: > On Mon, 1 Feb 2021 at 08:18, Luc Michel wrote: >> On 16:14 Sun 31 Jan , Philippe Mathieu-Daudé wrote: >>> KVM requires the target cpu to be at least ARMv8 architecture >>> (support on ARMv7 has been dropped in commit 82bf7ae84ce: >>> "target/arm: Remov

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-02 Thread Peter Maydell
On Mon, 1 Feb 2021 at 08:18, Luc Michel wrote: > On 16:14 Sun 31 Jan , Philippe Mathieu-Daudé wrote: > > KVM requires the target cpu to be at least ARMv8 architecture > > (support on ARMv7 has been dropped in commit 82bf7ae84ce: > > "target/arm: Remove KVM support for 32-bit Arm hosts"). > Wow

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-01 Thread Paolo Bonzini
On 01/02/21 09:46, Philippe Mathieu-Daudé wrote: +#ifdef CONFIG_TCG I'm not sure it's enough. TCG and KVM can be enabled in the same binary. You'll have to perform a runtime check here I think. If TCG is enabled, all SoC are built in (regardless of KVM enabled). If only KVM is enabled, the TCG

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-01 Thread Philippe Mathieu-Daudé
+Igor (qom) / Eduardo (qdev) / Paolo (accel) On 2/1/21 9:18 AM, Luc Michel wrote: > Hi Philippe, > > On 16:14 Sun 31 Jan , Philippe Mathieu-Daudé wrote: >> KVM requires the target cpu to be at least ARMv8 architecture >> (support on ARMv7 has been dropped in commit 82bf7ae84ce: >> "target/arm

Re: [RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-02-01 Thread Luc Michel
Hi Philippe, On 16:14 Sun 31 Jan , Philippe Mathieu-Daudé wrote: > KVM requires the target cpu to be at least ARMv8 architecture > (support on ARMv7 has been dropped in commit 82bf7ae84ce: > "target/arm: Remove KVM support for 32-bit Arm hosts"). Wow, is there absolutely no way to do that then

[RFC PATCH 2/2] hw/arm/raspi: Restrict BCM2835 / BCM2836 SoC to TCG

2021-01-31 Thread Philippe Mathieu-Daudé
KVM requires the target cpu to be at least ARMv8 architecture (support on ARMv7 has been dropped in commit 82bf7ae84ce: "target/arm: Remove KVM support for 32-bit Arm hosts"). >From the various SoC used by the Raspberry Pi machines, only the BCM2837 is an ARMv8 (Cortex-A53). Restrict the BCM2835