On 26/9/25 16:01, Daniel P. Berrangé wrote:
TCG is too complex to be considered to provide a security boundary
for malicious guest workloads. QTest is only used for functional
testing and thus is not relevant to mark secure.

KVM, HVF and Xen, meanwhile, are all servicing virtualization use
cases which must provide security.

Signed-off-by: Daniel P. Berrangé <[email protected]>
---
  accel/accel-common.c      | 1 +
  accel/accel-system.c      | 1 +
  accel/accel-target.c      | 1 +
  accel/hvf/hvf-accel-ops.c | 1 +
  accel/hvf/hvf-all.c       | 1 +
  accel/kvm/kvm-accel-ops.c | 1 +
  accel/kvm/kvm-all.c       | 1 +
  accel/qtest/qtest.c       | 2 ++
  accel/tcg/tcg-accel-ops.c | 1 +
  accel/tcg/tcg-all.c       | 1 +
  accel/xen/xen-all.c       | 2 ++
  11 files changed, 13 insertions(+)


diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 8b794c2d41..e807103379 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -397,6 +397,7 @@ static const TypeInfo hvf_accel_ops_type = {
      .parent = TYPE_ACCEL_OPS,
      .class_init = hvf_accel_ops_class_init,
      .abstract = true,
+    .secure = true,

IMHO an accelerator must be at least "supported" (in the MAINTAINERS
definition, "Someone is actually paid to look after this") to declare
it secure.

So far HVF is not, and the current developers interacting with it
don't seem to have time to carry such burden / responsibility.

My 2 cents.

  };
static void hvf_accel_ops_register_types(void)
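
Review bot: `.secure = true` is set on a type that the context line directly above declares `.abstract = true`, so this hunk does not show whether the flag on hvf_accel_ops_type is ever consulted directly or only reaches concrete subclasses by inheritance. Please state in the commit message or in a comment next to the field how the flag propagates from an abstract parent, and drop it here if only the concrete accelerator type in hvf-all.c is checked.
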
diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
index 0a4b498e83..1d49a59053 100644
--- a/accel/hvf/hvf-all.c
+++ b/accel/hvf/hvf-all.c
@@ -304,6 +304,7 @@ static const TypeInfo hvf_accel_type = {
      .parent = TYPE_ACCEL,
      .instance_size = sizeof(HVFState),
      .class_init = hvf_accel_class_init,
+    .secure = true,
  };
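
Review bot: the `.secure = true` added to hvf_accel_type has no comment saying what guarantee it asserts, and the only justification is one commit-message sentence that groups HVF with KVM and Xen. Since the diffstat shows every accelerator changed in a single 11-file patch, consider splitting per accelerator so the HVF marking can be acked or reverted on its own, and add a one-line comment at the field pointing to where the security classification is documented.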
