Am 18. November 2025 11:24:44 UTC schrieb "Philippe Mathieu-Daudé"
<[email protected]>:
>On 18/11/25 10:49, Bernhard Beschow wrote:
>>
>>
>> Am 17. November 2025 17:38:03 UTC schrieb Peter Maydell
>> <[email protected]>:
>>> On Mon, 17 Nov 2025 at 17:13, Cornelia Huck <[email protected]> wrote:
>>>> Running current master (resp. with this patch applied), I'm getting make
>>>> check failures on an aarch64 (Mt. Snow) host ("qemu-system-aarch64:
>>>> unknown type 'arm-gicv3'" while using this machine); going back right
>>>> before this patch, everything works fine. Haven't tried to debug this
>>>> yet (maybe I'm the one with the weird config again...)
>>>
>>> Is this a KVM-only config (no TCG) ?
>>>
>>> I think this happens because the KConfig now says
>>> + depends on TCG || KVM
>>>
>>> but because the machine by default doesn't use KVM then
>>> trying to run the machine with no extra arguments falls
>>> over if TCG isn't present.
>>>
>>> This thing we put in to handle "creation of the SoC object
>>> via device introspection means it doesn't have an ms->cpu_type
>>> to look at":
>>>
>>> + const char *cpu_type = ms->cpu_type ?: ARM_CPU_TYPE_NAME("cortex-a53");
>>>
>>> also probably won't do anything useful under a KVM-only config.
>>>
>>> I think the simplest thing here is to put the KConfig back to:
>>>
>>> depends on TCG && AARCH64
>>>
>>> People building a KVM-only config almost certainly do not
>>> want this machine type and its devices, because the main
>>> reason to build KVM-only is because you're in the
>>> "virtualization use case" and want to not build in a
>>> load of not-security-supported machine types.
>>
>> Do we need this treatment for further machines, e.g. isapc, e500, mips? Or
>> shall the CPU type handling in the SoC consider kvm_enabled()?
>
>Good point. My understanding is only virt x86/arm/ppc64/s390x are
>"security covered", but there is no explicit mention of that in
>our doc. (btw why not include isapc? as it is a subset of other
>covered x86 machines?)
Hi Phil,
Peter merged the updated security policy which enumerates all "security
covered" machines (sorry, don't have a link right now).
Since the policy change was about decoupling of acceleration/virtualization
technologies from use cases, I'd actually prefer the imx8 machine(s) to be
enabled in a KVM-only configuration. For 10.2 I'd go for "depends on TCG &&
AARCH64" for simplicity. Will send a patch later.
Best regards,
Bernhard
