Not having PtrAuth on non-VHE KVM (for whatever reason VHE is not enabled on a v8.3 system) has always looked like an oddity. This trivial series remedies it, and allows a non-VHE KVM to offer PtrAuth to its guests. In the tradition of not having separate security between host-EL1 and EL2, EL2 reuses the keys set up by host-EL1. It is likely that, should we switch to a mode where EL2 is more distrusting of EL1, we'd have private keys there. The last patch is just an optimisation which I've lobbed with the rest of the series in order not to forget it. Marc Zyngier (4): KVM: arm64: Enable Pointer Authentication at EL2 if available KVM: arm64: Allow ARM64_PTR_AUTH when ARM64_VHE=n KVM: arm64: Allow PtrAuth to be enabled from userspace on non-VHE systems KVM: arm64: Check HCR_EL2 instead of shadow copy to swap PtrAuth registers arch/arm64/Kconfig | 4 +--- arch/arm64/include/asm/kvm_ptrauth.h | 4 ++-- arch/arm64/kvm/hyp-init.S | 11 +++++++++++ arch/arm64/kvm/reset.c | 21 ++++++++++----------- 4 files changed, 24 insertions(+), 16 deletions(-) -- 2.27.0 _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm