Add an early parameter that allows users to select the mode of operation
for KVM/arm64.
For now, the only supported value is "protected". By passing this flag
users opt into the hypervisor placing additional restrictions on the
host kernel. These allow the hypervisor to spawn guests whose state is
kept private from the host. Restrictions will include stage-2 address
translation to prevent host from accessing guest memory, filtering its
SMC calls, etc.
Without this parameter, the default behaviour remains selecting VHE/nVHE
based on hardware support and CONFIG_ARM64_VHE.
Signed-off-by: David Brazdil <dbrazdil@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20201202184122.26046-2-dbrazdil@google.com
(cherry picked from commit d8b369c4e3)
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: I1fe46bb18b40d0a1df41a600a07b848f82988ac6
Bug: 178098380
Test: atest VirtualizationHostTestCases on an EL2-enabled device
da4c7bf5d8
