On Tue, 8 Jul 2025 at 17:36, Bernhard Beschow <shen...@gmail.com> wrote:
>
> On 30 June 2025 21:03:06 UTC, Peter Maydell <peter.mayd...@linaro.org> wrote:
> >On Mon, 30 Jun 2025 at 21:22, Bernhard Beschow <shen...@gmail.com> wrote:
> >>
> >> On 30 June 2025 09:09:31 UTC, Peter Maydell <peter.mayd...@linaro.org> wrote:
> >> >On Sun, 29 Jun 2025 at 21:49, Bernhard Beschow <shen...@gmail.com> wrote:
> >> >>
> >> >> Allows the imx8mp-evk machine to be run with KVM acceleration as a
> >> >> guest.
> >> >>
> >> >> Signed-off-by: Bernhard Beschow <shen...@gmail.com>
> >> >> ---
> >> >> docs/system/arm/imx8mp-evk.rst | 7 +++++++
> >> >> hw/arm/fsl-imx8mp.c | 33 ++++++++++++++++++++++++++++-----
> >> >> hw/arm/imx8mp-evk.c | 11 +++++++++++
> >> >> hw/arm/Kconfig | 3 ++-
> >> >> hw/arm/meson.build | 2 +-
> >> >> 5 files changed, 49 insertions(+), 7 deletions(-)
> >> >
> >> >This puts a lot of IMX device models onto our security boundary,
> >> >which makes me a bit nervous -- that's a lot of code which
> >> >wasn't really written or reviewed carefully to ensure it
> >> >can't be exploited by a malicious guest.
> >>
> >> Hi Peter,
> >>
> >> Does KVM increase the attack surface compared to TCG?
> >
> >Yes, because our security policy says that TCG is not considered
> >a security boundary, whereas KVM is:
> >
> >https://qemu-project.gitlab.io/qemu/system/security.html
> >
> >(It would move from "non-virtualization use case" to
> >"virtualization use case".)
>
> Thanks, that document nails my question.
>
> If KVM requires the imx devices to be inside the security boundary, what
> needs to be done to lift them there?

Code audit, fuzzing, commitments to maintenance. Basically
I would strongly prefer not to.

-- PMM