summary refs log tree commit diff stats
path: root/docs/system/arm/virt.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/system/arm/virt.rst')
-rw-r--r--docs/system/arm/virt.rst8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 850787495b..1544632b67 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -121,6 +121,14 @@ ras
   Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
   using ACPI and guest external abort exceptions. The default is off.
 
+dtb-kaslr-seed
+  Set ``on``/``off`` to pass a random seed via the guest dtb
+  kaslr-seed node (in both "/chosen" and /secure-chosen) to use
+  for features like address space randomisation. The default is
+  ``on``. You will want to disable it if your trusted boot chain will
+  verify the DTB it is passed. It would be the responsibility of the
+  firmware to come up with a seed and pass it on if it wants to.
+
 Linux guest kernel configuration
 """"""""""""""""""""""""""""""""