Not having PtrAuth on non-VHE KVM (for whatever reason VHE is not
enabled on a v8.3 system) has always looked like an oddity. This
trivial series remedies it, and allows a non-VHE KVM to offer PtrAuth
to its guests.
In the tradition of not having separate security between host-EL1 and
EL2, EL2 reuses the keys set up by host-EL1. It is likely that, should
we switch to a mode where EL2 is more distrusting of EL1, we'd have
private keys there.
The last patch is just an optimisation which I've lobbed with the rest
of the series in order not to forget it.
Marc Zyngier (4):
KVM: arm64: Enable Pointer Authentication at EL2 if available
KVM: arm64: Allow ARM64_PTR_AUTH when ARM64_VHE=n
KVM: arm64: Allow PtrAuth to be enabled from userspace on non-VHE
systems
KVM: arm64: Check HCR_EL2 instead of shadow copy to swap PtrAuth
registers
arch/arm64/Kconfig | 4 +---
arch/arm64/include/asm/kvm_ptrauth.h | 4 ++--
arch/arm64/kvm/hyp-init.S | 11 +++++++++++
arch/arm64/kvm/reset.c | 21 ++++++++++-----------
4 files changed, 24 insertions(+), 16 deletions(-)
--
2.27.0
