Am 30. Juni 2025 09:09:31 UTC schrieb Peter Maydell <peter.mayd...@linaro.org>:
>On Sun, 29 Jun 2025 at 21:49, Bernhard Beschow <shen...@gmail.com> wrote:
>>
>> Allows the imx8mp-evk machine to be run with KVM acceleration as a guest.
>>
>> Signed-off-by: Bernhard Beschow <shen...@gmail.com>
>> ---
>> docs/system/arm/imx8mp-evk.rst | 7 +++++++
>> hw/arm/fsl-imx8mp.c | 33 ++++++++++++++++++++++++++++-----
>> hw/arm/imx8mp-evk.c | 11 +++++++++++
>> hw/arm/Kconfig | 3 ++-
>> hw/arm/meson.build | 2 +-
>> 5 files changed, 49 insertions(+), 7 deletions(-)
>
>This puts a lot of IMX device models onto our security boundary,
>which makes me a bit nervous -- that's a lot of code which
>wasn't really written or reviewed carefully to ensure it
>can't be exploited by a malicious guest.
Hi Peter,
Does KVM increase the attack surface compared to TCG? Is there anything I could
read to better understand the problem, both in technical and in policy terms?
Since the i.MX 8M Plus has pretty capable CPUs it would be really to have KVM
acceleration.
Thanks,
Bernhard
>
>-- PMM
