@@ -219,7 +219,10 @@ Below is the list of TCG VCPU features and their descriptions.
``pauth-qarma3``
When ``pauth`` is enabled, select the architected QARMA3 algorithm.
-Without either ``pauth-impdef`` or ``pauth-qarma3`` enabled,
+``pauth-qarma5``
+ When ``pauth`` is enabled, select the architected QARMA5 algorithm.
+
+Without ``pauth-impdef``, ``pauth-qarma3`` or ``pauth-qarma5`` enabled,
the architected QARMA5 algorithm is used. The architected QARMA5
and QARMA3 algorithms have good cryptographic properties, but can
be quite slow to emulate. The impdef algorithm used by QEMU is
@@ -1062,6 +1062,7 @@ struct ArchCPU {
bool prop_pauth;
bool prop_pauth_impdef;
bool prop_pauth_qarma3;
+ bool prop_pauth_qarma5;
bool prop_lpa2;
/* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
@@ -94,7 +94,7 @@ static const char *cpu_model_advertised_features[] = {
"sve640", "sve768", "sve896", "sve1024", "sve1152", "sve1280",
"sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048",
"kvm-no-adjvtime", "kvm-steal-time",
- "pauth", "pauth-impdef", "pauth-qarma3",
+ "pauth", "pauth-impdef", "pauth-qarma3", "pauth-qarma5",
NULL
};
@@ -520,9 +520,12 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
}
if (cpu->prop_pauth) {
- if (cpu->prop_pauth_impdef && cpu->prop_pauth_qarma3) {
+ if ((cpu->prop_pauth_impdef && cpu->prop_pauth_qarma3) ||
+ (cpu->prop_pauth_impdef && cpu->prop_pauth_qarma5) ||
+ (cpu->prop_pauth_qarma3 && cpu->prop_pauth_qarma5)) {
error_setg(errp,
- "cannot enable both pauth-impdef and pauth-qarma3");
+ "cannot enable pauth-impdef, pauth-qarma3 and "
+ "pauth-qarma5 at the same time");
return;
}
@@ -532,13 +535,15 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
} else if (cpu->prop_pauth_qarma3) {
isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, APA3, features);
isar2 = FIELD_DP64(isar2, ID_AA64ISAR2, GPA3, 1);
- } else {
+ } else { /* default is pauth-qarma5 */
isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, APA, features);
isar1 = FIELD_DP64(isar1, ID_AA64ISAR1, GPA, 1);
}
- } else if (cpu->prop_pauth_impdef || cpu->prop_pauth_qarma3) {
- error_setg(errp, "cannot enable pauth-impdef or "
- "pauth-qarma3 without pauth");
+ } else if (cpu->prop_pauth_impdef ||
+ cpu->prop_pauth_qarma3 ||
+ cpu->prop_pauth_qarma5) {
+ error_setg(errp, "cannot enable pauth-impdef, pauth-qarma3 or "
+ "pauth-qarma5 without pauth");
error_append_hint(errp, "Add pauth=on to the CPU property list.\n");
}
}
@@ -553,6 +558,8 @@ static const Property arm_cpu_pauth_impdef_property =
DEFINE_PROP_BOOL("pauth-impdef", ARMCPU, prop_pauth_impdef, false);
static const Property arm_cpu_pauth_qarma3_property =
DEFINE_PROP_BOOL("pauth-qarma3", ARMCPU, prop_pauth_qarma3, false);
+static Property arm_cpu_pauth_qarma5_property =
+ DEFINE_PROP_BOOL("pauth-qarma5", ARMCPU, prop_pauth_qarma5, false);
void aarch64_add_pauth_properties(Object *obj)
{
@@ -573,6 +580,7 @@ void aarch64_add_pauth_properties(Object *obj)
} else {
qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_property);
qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_qarma3_property);
+ qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_qarma5_property);
}
}
@@ -419,21 +419,28 @@ static void pauth_tests_default(QTestState *qts, const char *cpu_type)
assert_has_feature_enabled(qts, cpu_type, "pauth");
assert_has_feature_disabled(qts, cpu_type, "pauth-impdef");
assert_has_feature_disabled(qts, cpu_type, "pauth-qarma3");
+ assert_has_feature_disabled(qts, cpu_type, "pauth-qarma5");
assert_set_feature(qts, cpu_type, "pauth", false);
assert_set_feature(qts, cpu_type, "pauth", true);
assert_set_feature(qts, cpu_type, "pauth-impdef", true);
assert_set_feature(qts, cpu_type, "pauth-impdef", false);
assert_set_feature(qts, cpu_type, "pauth-qarma3", true);
assert_set_feature(qts, cpu_type, "pauth-qarma3", false);
+ assert_set_feature(qts, cpu_type, "pauth-qarma5", true);
+ assert_set_feature(qts, cpu_type, "pauth-qarma5", false);
assert_error(qts, cpu_type,
- "cannot enable pauth-impdef or pauth-qarma3 without pauth",
+ "cannot enable pauth-impdef, pauth-qarma3 or pauth-qarma5 without pauth",
"{ 'pauth': false, 'pauth-impdef': true }");
assert_error(qts, cpu_type,
- "cannot enable pauth-impdef or pauth-qarma3 without pauth",
+ "cannot enable pauth-impdef, pauth-qarma3 or pauth-qarma5 without pauth",
"{ 'pauth': false, 'pauth-qarma3': true }");
assert_error(qts, cpu_type,
- "cannot enable both pauth-impdef and pauth-qarma3",
- "{ 'pauth': true, 'pauth-impdef': true, 'pauth-qarma3': true }");
+ "cannot enable pauth-impdef, pauth-qarma3 or pauth-qarma5 without pauth",
+ "{ 'pauth': false, 'pauth-qarma5': true }");
+ assert_error(qts, cpu_type,
+ "cannot enable pauth-impdef, pauth-qarma3 and pauth-qarma5 at the same time",
+ "{ 'pauth': true, 'pauth-impdef': true, 'pauth-qarma3': true,"
+ " 'pauth-qarma5': true }");
}
static void test_query_cpu_model_expansion(const void *data)
Before changing default pauth algorithm, we need to make sure current default one (QARMA5) can still be selected. $ qemu-system-aarch64 -cpu max,pauth-qarma5=on ... Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> --- docs/system/arm/cpu-features.rst | 5 ++++- target/arm/cpu.h | 1 + target/arm/arm-qmp-cmds.c | 2 +- target/arm/cpu64.c | 20 ++++++++++++++------ tests/qtest/arm-cpu-features.c | 15 +++++++++++---- 5 files changed, 31 insertions(+), 12 deletions(-)