aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2022-04-04 16:30:23 +0100
committerPeter Maydell <peter.maydell@linaro.org>2022-04-04 16:30:23 +0100
commitad8bf3611e80030e45ad9968add2e8bba46c5b27 (patch)
treec8c16dcc9be0f957f5a22813e2bc73654fc3458f
parent938285113a4cebd14934007379cba534fd84c772 (diff)
hw/arm/virt: Check for attempt to use TrustZone with KVM or HVFexynos-gic
It's not possible to provide the guest with the Security extensions (TrustZone) when using KVM or HVF, because the hardware virtualization extensions don't permit running EL3 guest code. However, we weren't checking for this combination, with the result that QEMU would assert if you tried it: $ qemu-system-aarch64 -enable-kvm -machine virt,secure=on -cpu host -display none Unexpected error in object_property_find_err() at ../../qom/object.c:1304: qemu-system-aarch64: Property 'host-arm-cpu.secure-memory' not found Aborted Check for this combination of options and report an error, in the same way we already do for attempts to give a KVM or HVF guest the Virtualization or MTE extensions. Now we will report: Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--hw/arm/virt.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d2e5ecd234..8f94e2fde6 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2048,6 +2048,13 @@ static void machvirt_init(MachineState *machine)
exit(1);
}
+ if (vms->secure && (kvm_enabled() || hvf_enabled())) {
+ error_report("mach-virt: %s does not support providing "
+ "Security extensions (TrustZone) to the guest CPU",
+ kvm_enabled() ? "KVM" : "HVF");
+ exit(1);
+ }
+
if (vms->virt && (kvm_enabled() || hvf_enabled())) {
error_report("mach-virt: %s does not support providing "
"Virtualization extensions to the guest CPU",