From c85e7c13d4af40380dedc26c5412742c2c5ef36d Mon Sep 17 00:00:00 2001
From: tujipei <tujipei@huawei.com>
Date: Tue, 18 Jun 2024 10:27:55 +0800
Subject: [PATCH] QEMU update to version 6.2.0-94

- hw/arm/virt: Disable DTB randomness for confidential VMs

Signed-off-by: liupingwei <liupingwei0317@outlook.com>
---
 ...ble-DTB-randomness-for-confidential-.patch | 35 +++++++++++++++++++
 qemu.spec                                     |  6 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch

diff --git a/hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch b/hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
new file mode 100644
index 00000000..dd787017
--- /dev/null
+++ b/hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
@@ -0,0 +1,35 @@
+From 2830db7bec600915e88bb22847a66d99b047a308 Mon Sep 17 00:00:00 2001
+From: liupingwei <liupingwei0317@outlook.com>
+Date: Mon, 17 Jun 2024 19:56:48 +0800
+Subject: [PATCH] hw/arm/virt:Disable DTB randomness for confidential VMs
+
+The dtb-randomness feature,which adds random seeds to the DTB,isn't
+really compatible with confidential VMs since it randomizes the
+TMM.Enabling it is not an error,but it prevents attestation.It also
+isn't useful to TMM,which dosn't trust host input.
+
+Fixes:12d0d099aecb("Add support for the virtcca cvm feature")
+
+Signed-off-by: liupingwei <liupingwei0317@outlook.com>
+---
+ hw/arm/virt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index f20775f44c..e0de08e2c1 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -261,7 +261,9 @@ static void create_fdt(VirtMachineState *vms)
+ 
+     /* /chosen must exist for load_dtb to fill in necessary properties later */
+     qemu_fdt_add_subnode(fdt, "/chosen");
+-    create_kaslr_seed(ms, "/chosen");
++    if (!virtcca_cvm_enabled()) {
++        create_kaslr_seed(ms, "/chosen");
++    }
+ 
+     if (vms->secure) {
+         qemu_fdt_add_subnode(fdt, "/secure-chosen");
+-- 
+2.31.1.windows.1
+
diff --git a/qemu.spec b/qemu.spec
index 127617a8..e7ec5243 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@
 
 Name: qemu
 Version: 6.2.0
-Release: 93
+Release: 94
 Epoch: 10
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -968,6 +968,7 @@ Patch0953: Add-support-for-the-virtcca-cvm-feature.patch
 Patch0954: hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
 Patch0955: tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch
 Patch0956: cvm-bug-fix-for-macro-isolation.patch
+Patch0957: hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
 
 BuildRequires: flex
 BuildRequires: gcc
@@ -1566,6 +1567,9 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Tue Jun 18 2024 <liupingwei@huawei.com> - 10:6.2.0-94
+- hw/arm/virt: Disable DTB randomness for confidential VMs
+
 * Sat Jun 15 2024 <fengjiabo1@huawei.com> - 10:6.2.0-93
 - cvm: bug-fix for macro isolation
 - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fix CVE-2023-5088)
-- 
Gitee