mirror of
https://github.com/morgan9e/systemd
synced 2026-04-14 00:14:32 +09:00
2572bf6a39
The arm confidential compute architecture (CCA) provides a platform design for confidential VMs running in a new realm context. This can be detected by the existence of a platform device exported for the arm-cca-guest driver, which provides attestation services via the realm services interface (RSI) to the Realm Management Monitor (RMM). Like the other methods systemd uses to detect Confidential VM's, checking the sysfs entry suggests that this is a confidential VM and should only be used for informative purposes, or to trigger further attestation. Like the s390 detection logic, the sysfs path being checked is not labeled as ABI, and may change in the future. It was chosen because its directly tied to the kernel's detection of the realm service interface rather to the Trusted Security Module (TSM) which is what is being triggered by the device entry. The TSM module has a provider string of 'arm-cca-guest' which could also be used, but that (IMHO) doesn't currently provide any additional benefit except that it can fail of the module isn't loaded. More information can be found here: https://developer.arm.com/documentation/den0125/0300 Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
13 KiB
13 KiB