On 01/07/2026 06:49, Aneesh Kumar K.V (Arm) wrote:
arm64 Realms, powerpc secure guests and s390 protected virtualization
guests currently report CC_ATTR_MEM_ENCRYPT, but not
CC_ATTR_GUEST_MEM_ENCRYPT.

These environments are all secure guest configurations. Their
force_dma_unencrypted() implementations also treat the same secure guest
state as requiring unencrypted DMA. Report CC_ATTR_GUEST_MEM_ENCRYPT for
the same condition so generic confidential-computing code can distinguish
guest memory encryption from host memory encryption instead of relying only
on CC_ATTR_MEM_ENCRYPT.

Signed-off-by: Aneesh Kumar K.V (Arm) <[email protected]>


For arm64 bits:



---
  arch/arm64/kernel/rsi.c                      | 1 +
  arch/powerpc/platforms/pseries/cc_platform.c | 1 +
  arch/s390/mm/init.c                          | 1 +
  3 files changed, 3 insertions(+)

diff --git a/arch/arm64/kernel/rsi.c b/arch/arm64/kernel/rsi.c
index 92160f2e57ff..207e36db1e7a 100644
--- a/arch/arm64/kernel/rsi.c
+++ b/arch/arm64/kernel/rsi.c
@@ -27,6 +27,7 @@ bool cc_platform_has(enum cc_attr attr)
  {
        switch (attr) {
        case CC_ATTR_MEM_ENCRYPT:
+       case CC_ATTR_GUEST_MEM_ENCRYPT:
                return is_realm_world();
        default:
                return false;

Reviewed-by: Suzuki K Poulose <[email protected]>


Suzuki

Reply via email to