** Description changed:

[ Impact ]

ARM Confidential Compute Architecture (CCA) provides hardware-enforced isolation for confidential virtual machines called "Realms" on ARM64 platforms. This patch series enables CCA support for NVIDIA Vera platforms.

This series is based on the ARM KVM RME host support patches (v10), rebased for the 6.17 kernel:
https://lore.kernel.org/linux-coco/[email protected]/

This series enables:
-KVM host support for creating and managing Realms via the Realm Management Extension (RME)
-MECID (Memory Encryption Context ID) for improved isolation between Realms
-Required CCA kernel configuration options

[ Test Plan ]

Deploy and test on NVIDIA Vera platform with RMM firmware
Verify Realm guest VMs boot and run successfully

CCA testing requires specialized hardware and firmware. Testing performed by NVIDIA CCA team.

[ Where problems could occur ]

Bugs in the KVM/RME integration could cause Realm guest failures or host instability. Issues would be limited to CCA-enabled platforms running Realm workloads.

[ Other Info ]

Patch summary:

43 patches for upstream v10 KVM/RME host support - marked as SAUCE because not in upstream kernel yet.

3 upstream cherry-picks:
arm64: realm: ioremap: Allow mapping memory as encrypted
arm64: acpi: Enable ACPI CCEL support
arm64: Enable EFI secret area Securityfs support

4 SAUCE patches:
- arm64: RME: Fix UBSAN shift-out-of-bounds in kvm_realm_unmap_range
- arm64: RME: Add MECID support
- arm64: RME: Add bounds check
- [Config] Update ARM CCA annotations
+ NVIDIA: VR: SAUCE: KVM: arm64: Expose KVM_CAP_ARM_RME via module parameter
+ NVIDIA: VR: SAUCE: arm64: RME: Add MECID support
+ NVIDIA: VR: SAUCE: arm64: RME: Add bounds check
+ NVIDIA: VR: SAUCE: [Config] Update ARM CCA annotations

-- 
https://bugs.launchpad.net/bugs/2139249

Title:
  Add ARM CCA host support
