On Thu, 19 Mar 2026 14:27:57 -0300 Gustavo Romero <[email protected]> wrote:
> Hi Jonathan, > > On 3/19/26 06:46, Jonathan Cameron wrote: > > On Wed, 18 Mar 2026 23:23:33 -0300 > > Gustavo Romero <[email protected]> wrote: > > > >> Add new machine option 'mec' that enables and sets the memory used by > >> FEAT_MEC. > >> > >> Signed-off-by: Gustavo Romero <[email protected]> > > > > Drive by comments only. I'm curious enough to read the patches > > but no idea if this is how people would like to see this implemented! > > Thanks for taking a look at it and for you comments. > > In which sense do you mean exactly? Do mind to elaborate a bit more on > it? If it's about the whole implementation, would it be about not > really encrypting data or something else? Please help me to understand it :) > > I'm not sure if you're talking about just this patch or the whole > FEAT_MEC design. I was failing to express that this is fine for me but out of my area of expertise wrt to QEMU so would leave the questions of 'is this the best way to do it?' for others! > > > Cheers, > Gustavo > > > Jonathan > > > >> static void create_secure_ram(VirtMachineState *vms, > >> MemoryRegion *secure_sysmem, > >> MemoryRegion *secure_tag_sysmem) > >> @@ -2267,6 +2288,8 @@ static void machvirt_init(MachineState *machine) > >> MemoryRegion *secure_sysmem = NULL; > >> MemoryRegion *tag_sysmem = NULL; > >> MemoryRegion *secure_tag_sysmem = NULL; > >> + MemoryRegion *pseudo_encrypted_page = NULL; > >> + MemoryRegion *tuple_memory = NULL; > >> int n, virt_max_cpus; > >> bool firmware_loaded; > >> bool aarch64 = true; > >> @@ -2495,6 +2518,28 @@ static void machvirt_init(MachineState *machine) > >> } > >> } > >> > >> + if (vms->mec) { > >> + if (tcg_enabled()) { > >> + if (tuple_memory == NULL) { > >> + /* XXX(gromero): Add object_property_find(cpuobj, > >> "tuple-memory", ...) here. */ > >> + > >> + tuple_memory = g_new(MemoryRegion, 1); > >> + memory_region_init(tuple_memory, OBJECT(machine), > >> "mec", UINT64_MAX / 32); > >> + > >> + pseudo_encrypted_page = g_new(MemoryRegion, 1); > >> + memory_region_init(pseudo_encrypted_page, > >> OBJECT(machine), "mec-page", 4 * 1024 /* 4 KiB */); > >> + } > >> + > >> + object_property_set_link(cpuobj, "mec", > >> OBJECT(tuple_memory), &error_abort); > >> + object_property_set_link(cpuobj, "mec-page", > >> OBJECT(pseudo_encrypted_page), &error_abort); > > Trivial but some bonus spaces. > > > >> + > >> + } else { > > > > Indent seems off. > > > >> + /* Check for other accels here. */ > >> + error_report("MEC requested, but not supported"); > >> + exit(1); > >> + } > >> + } > >> + > >> qdev_realize(DEVICE(cpuobj), NULL, &error_fatal); > >> object_unref(cpuobj); > >> } > > > > > >
