[v2] Encode object type security status in code

[PATCH v2 31/32] hw/pci-host: define some PCI hosts as secure

Daniel P. Berrangé posted 32 patches 2 days ago

Diff against v1
Download mbox

Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <rbolshakov@ddn.com>, Phil Dennis-Jordan <phil@philjordan.eu>, Mads Ynddal <mads@ynddal.dk>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>, Stefano Stabellini <sstabellini@kernel.org>, Anthony PERARD <anthony@xenproject.org>, Paul Durrant <paul@xen.org>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>, Christian Schoenebeck <qemu_oss@crudebyte.com>, Greg Kurz <groug@kaod.org>, Peter Maydell <peter.maydell@linaro.org>, Gerd Hoffmann <kraxel@redhat.com>, Manos Pitsidianakis <manos.pitsidianakis@linaro.org>, Stefano Garzarella <sgarzare@redhat.com>, Raphael Norwitz <raphael@enfabrica.net>, Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Amit Shah <amit@kernel.org>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, Helge Deller <deller@gmx.de>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, Samuel Tardieu <sam@rfc1149.net>, Alistair Francis <alistair@alistair23.me>, Igor Mitsyanko <i.mitsyanko@gmail.com>, "Hervé Poussineau" <hpoussin@reactos.org>, Aleksandar Rikalo <arikalo@gmail.com>, Thomas Huth <huth@tuxfamily.org>, BALATON Zoltan <balaton@eik.bme.hu>, "Alex Bennée" <alex.bennee@linaro.org>, Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>, Dmitry Osipenko <dmitry.osipenko@collabora.com>, Dmitry Fleytman <dmitry.fleytman@gmail.com>, Sergio Lopez <slp@redhat.com>, John Snow <jsnow@redhat.com>, Jiri Slaby <jslaby@suse.cz>, Beniamino Galvani <b.galvani@gmail.com>, Strahinja Jankovic <strahinja.p.jankovic@gmail.com>, Jason Wang <jasowang@redhat.com>, Pavel Pisa <pisa@cmp.felk.cvut.cz>, Francisco Iglesias <francisco.iglesias@amd.com>, Vikram Garhwal <vikram.garhwal@bytedance.com>, Stefan Weil <sw@weilnetz.de>, Bernhard Beschow <shentey@gmail.com>, "Cédric Le Goater" <clg@kaod.org>, Steven Lee <steven_lee@aspeedtech.com>, Troy Lee <leetroy@gmail.com>, Jamin Lin <jamin_lin@aspeedtech.com>, Andrew Jeffery <andrew@codeconstruct.com.au>, Joel Stanley <joel@jms.id.au>, Sriram Yagnaraman <sriram.yagnaraman@ericsson.com>, Subbaraya Sundeep <sundeep.lkml@gmail.com>, Jan Kiszka <jan.kiszka@web.de>, Tyrone Ting <kfting@nuvoton.com>, Hao Wu <wuhaotsh@google.com>, Max Filippov <jcmvbkbc@gmail.com>, Jiri Pirko <jiri@resnulli.us>, Nicholas Piggin <npiggin@gmail.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Sven Schnelle <svens@stackframe.org>, Rob Herring <robh@kernel.org>, Huacai Chen <chenhuacai@kernel.org>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Andrey Smirnov <andrew.smirnov@gmail.com>, Aurelien Jarno <aurelien@aurel32.net>, Aditya Gupta <adityag@linux.ibm.com>, Glenn Miles <milesg@linux.ibm.com>, Elena Ufimtseva <elena.ufimtseva@oracle.com>, Jagannathan Raman <jag.raman@oracle.com>, Yoshinori Sato <yoshinori.sato@nifty.com>, Magnus Damm <magnus.damm@gmail.com>, Paul Burton <paulburton@kernel.org>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, David Hildenbrand <david@redhat.com>, Ilya Leoshkevich <iii@linux.ibm.com>, Cornelia Huck <cohuck@redhat.com>, Fam Zheng <fam@euphon.net>, Hannes Reinecke <hare@suse.com>, Samuel Thibault <samuel.thibault@ens-lyon.org>, Tony Krowiak <akrowiak@linux.ibm.com>, Jason Herne <jjherne@linux.ibm.com>, Alex Williamson <alex.williamson@redhat.com>, Tomita Moeko <tomitamoeko@gmail.com>, Viresh Kumar <viresh.kumar@linaro.org>, Mathieu Poirier <mathieu.poirier@linaro.org>, "Gonglei (Arei)" <arei.gonglei@huawei.com>, Eric Auger <eric.auger@redhat.com>, Alexander Graf <graf@amazon.com>, Dorjoy Chowdhury <dorjoychy111@gmail.com>, Radoslaw Biernacki <rad@semihalf.com>, Leif Lindholm <leif.lindholm@oss.qualcomm.com>, "Collin L. Walling" <walling@linux.ibm.com>, Jean-Christophe Dubois <jcd@tribudubois.net>, Markus Armbruster <armbru@redhat.com>, Michael Roth <michael.roth@amd.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Eric Blake <eblake@redhat.com>

Expand all Fold all

[PATCH v2 31/32] hw/pci-host: define some PCI hosts as secure

Posted by Daniel P. Berrangé 2 days ago

Most of the PCI host implementations are targetting emulation
use cases. The exceptions to this are i440fx & q35 which are
used commonly on x86, the pnv* which are used on ppc, and
gpex which is used on arm.

There is also a special case for the 'remote' type and the
Xen passthrough type.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 hw/pci-host/articia.c       | 3 +++
 hw/pci-host/astro.c         | 3 +++
 hw/pci-host/bonito.c        | 2 ++
 hw/pci-host/designware.c    | 3 +++
 hw/pci-host/dino.c          | 1 +
 hw/pci-host/fsl_imx8m_phy.c | 1 +
 hw/pci-host/gpex.c          | 2 ++
 hw/pci-host/grackle.c       | 2 ++
 hw/pci-host/gt64120.c       | 2 ++
 hw/pci-host/i440fx.c        | 2 ++
 hw/pci-host/mv64361.c       | 1 +
 hw/pci-host/pnv_phb.c       | 2 ++
 hw/pci-host/pnv_phb3.c      | 3 +++
 hw/pci-host/pnv_phb3_msi.c  | 1 +
 hw/pci-host/pnv_phb3_pbcq.c | 1 +
 hw/pci-host/pnv_phb4.c      | 4 ++++
 hw/pci-host/pnv_phb4_pec.c  | 2 ++
 hw/pci-host/ppc440_pcix.c   | 1 +
 hw/pci-host/ppc4xx_pci.c    | 2 ++
 hw/pci-host/ppce500.c       | 2 ++
 hw/pci-host/q35.c           | 2 ++
 hw/pci-host/raven.c         | 2 ++
 hw/pci-host/remote.c        | 1 +
 hw/pci-host/sabre.c         | 2 ++
 hw/pci-host/sh_pci.c        | 2 ++
 hw/pci-host/uninorth.c      | 2 ++
 hw/pci-host/versatile.c     | 3 +++
 hw/pci-host/xen_igd_pt.c    | 1 +
 hw/pci-host/xilinx-pcie.c   | 1 +
 29 files changed, 56 insertions(+)

diff --git a/hw/pci-host/articia.c b/hw/pci-host/articia.c
index cc65aac2a8..b29fa98d19 100644
--- a/hw/pci-host/articia.c
+++ b/hw/pci-host/articia.c
@@ -267,12 +267,14 @@ static const TypeInfo articia_types[] = {
         .parent        = TYPE_PCI_HOST_BRIDGE,
         .instance_size = sizeof(ArticiaState),
         .class_init    = articia_class_init,
+        .secure        = false,
     },
     {
         .name          = TYPE_ARTICIA_PCI_HOST,
         .parent        = TYPE_PCI_DEVICE,
         .instance_size = sizeof(ArticiaHostState),
         .class_init    = articia_pci_host_class_init,
+        .secure        = false,
         .interfaces = (const InterfaceInfo[]) {
               { INTERFACE_CONVENTIONAL_PCI_DEVICE },
               { },
@@ -283,6 +285,7 @@ static const TypeInfo articia_types[] = {
         .parent        = TYPE_PCI_DEVICE,
         .instance_size = sizeof(PCIDevice),
         .class_init    = articia_pci_bridge_class_init,
+        .secure        = false,
         .interfaces = (const InterfaceInfo[]) {
               { INTERFACE_CONVENTIONAL_PCI_DEVICE },
               { },
diff --git a/hw/pci-host/astro.c b/hw/pci-host/astro.c
index 1024ede7b6..0685615ecd 100644
--- a/hw/pci-host/astro.c
+++ b/hw/pci-host/astro.c
@@ -498,6 +498,7 @@ static const TypeInfo elroy_pcihost_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(ElroyState),
     .class_init    = elroy_pcihost_class_init,
+    .secure        = false,
 };
 
 static void elroy_register_types(void)
@@ -930,6 +931,7 @@ static const TypeInfo astro_chip_info = {
     .instance_init = astro_init,
     .instance_size = sizeof(AstroState),
     .class_init    = astro_class_init,
+    .secure        = false,
 };
 
 static void astro_iommu_memory_region_class_init(ObjectClass *klass,
@@ -944,6 +946,7 @@ static const TypeInfo astro_iommu_memory_region_info = {
     .parent = TYPE_IOMMU_MEMORY_REGION,
     .name = TYPE_ASTRO_IOMMU_MEMORY_REGION,
     .class_init = astro_iommu_memory_region_class_init,
+    .secure = false,
 };
 
 
diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index 7d6251a78d..6d02bde4ee 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -783,6 +783,7 @@ static const TypeInfo bonito_pci_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIBonitoState),
     .class_init    = bonito_pci_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -801,6 +802,7 @@ static const TypeInfo bonito_host_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(BonitoState),
     .class_init    = bonito_host_class_init,
+    .secure        = false,
 };
 
 static void bonito_register_types(void)
diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
index f6e49ce9b8..ee1205977e 100644
--- a/hw/pci-host/designware.c
+++ b/hw/pci-host/designware.c
@@ -757,17 +757,20 @@ static const TypeInfo designware_pcie_types[] = {
         .parent         = TYPE_PCIE_BUS,
         .instance_size  = sizeof(DesignwarePCIERootBus),
         .class_init     = designware_pcie_root_bus_class_init,
+        .secure         = false,
     }, {
         .name           = TYPE_DESIGNWARE_PCIE_HOST,
         .parent         = TYPE_PCI_HOST_BRIDGE,
         .instance_size  = sizeof(DesignwarePCIEHost),
         .instance_init  = designware_pcie_host_init,
         .class_init     = designware_pcie_host_class_init,
+        .secure         = false,
     }, {
         .name           = TYPE_DESIGNWARE_PCIE_ROOT,
         .parent         = TYPE_PCI_BRIDGE,
         .instance_size  = sizeof(DesignwarePCIERoot),
         .class_init     = designware_pcie_root_class_init,
+        .secure         = false,
         .interfaces     = (const InterfaceInfo[]) {
             { INTERFACE_PCIE_DEVICE },
             { }
diff --git a/hw/pci-host/dino.c b/hw/pci-host/dino.c
index 924053499c..9b6375661d 100644
--- a/hw/pci-host/dino.c
+++ b/hw/pci-host/dino.c
@@ -506,6 +506,7 @@ static const TypeInfo dino_pcihost_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(DinoState),
     .class_init    = dino_pcihost_class_init,
+    .secure        = false,
 };
 
 static void dino_register_types(void)
diff --git a/hw/pci-host/fsl_imx8m_phy.c b/hw/pci-host/fsl_imx8m_phy.c
index 04da3f99a0..0a0ed10619 100644
--- a/hw/pci-host/fsl_imx8m_phy.c
+++ b/hw/pci-host/fsl_imx8m_phy.c
@@ -92,6 +92,7 @@ static const TypeInfo fsl_imx8m_pcie_phy_types[] = {
         .parent = TYPE_SYS_BUS_DEVICE,
         .instance_size = sizeof(FslImx8mPciePhyState),
         .class_init = fsl_imx8m_pcie_phy_class_init,
+        .secure = false,
     }
 };
 
diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c
index b806a2286f..d9486c773d 100644
--- a/hw/pci-host/gpex.c
+++ b/hw/pci-host/gpex.c
@@ -221,6 +221,7 @@ static const TypeInfo gpex_host_info = {
     .instance_size = sizeof(GPEXHost),
     .instance_init = gpex_host_initfn,
     .class_init = gpex_host_class_init,
+    .secure = true,
 };
 
 /****************************************************************************
@@ -261,6 +262,7 @@ static const TypeInfo gpex_root_info = {
     .parent = TYPE_PCI_DEVICE,
     .instance_size = sizeof(GPEXRootState),
     .class_init = gpex_root_class_init,
+    .secure = true,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c
index f9da5a908c..eb23af9f22 100644
--- a/hw/pci-host/grackle.c
+++ b/hw/pci-host/grackle.c
@@ -116,6 +116,7 @@ static const TypeInfo grackle_pci_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init = grackle_pci_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -151,6 +152,7 @@ static const TypeInfo grackle_host_info = {
     .instance_size = sizeof(GrackleState),
     .instance_init = grackle_init,
     .class_init    = grackle_class_init,
+    .secure        = false,
 };
 
 static void grackle_register_types(void)
diff --git a/hw/pci-host/gt64120.c b/hw/pci-host/gt64120.c
index b1d96f62fe..fbc763e4ef 100644
--- a/hw/pci-host/gt64120.c
+++ b/hw/pci-host/gt64120.c
@@ -1283,6 +1283,7 @@ static const TypeInfo gt64120_pci_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init    = gt64120_pci_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -1310,6 +1311,7 @@ static const TypeInfo gt64120_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(GT64120State),
     .class_init    = gt64120_class_init,
+    .secure        = false,
 };
 
 static void gt64120_pci_register_types(void)
diff --git a/hw/pci-host/i440fx.c b/hw/pci-host/i440fx.c
index e13bb1b53e..163d4b3ec0 100644
--- a/hw/pci-host/i440fx.c
+++ b/hw/pci-host/i440fx.c
@@ -341,6 +341,7 @@ static const TypeInfo i440fx_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCII440FXState),
     .class_init    = i440fx_class_init,
+    .secure        = true,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -399,6 +400,7 @@ static const TypeInfo i440fx_pcihost_info = {
     .instance_size = sizeof(I440FXState),
     .instance_init = i440fx_pcihost_initfn,
     .class_init    = i440fx_pcihost_class_init,
+    .secure        = true,
 };
 
 static void i440fx_register_types(void)
diff --git a/hw/pci-host/mv64361.c b/hw/pci-host/mv64361.c
index e05b677010..5ac0f29ff2 100644
--- a/hw/pci-host/mv64361.c
+++ b/hw/pci-host/mv64361.c
@@ -46,6 +46,7 @@ static const TypeInfo mv64361_pcibridge_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init    = mv64361_pcibridge_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c
index 4b0ced79b0..bd7d116720 100644
--- a/hw/pci-host/pnv_phb.c
+++ b/hw/pci-host/pnv_phb.c
@@ -334,6 +334,7 @@ static const TypeInfo pnv_phb_type_info = {
     .parent        = TYPE_PCIE_HOST_BRIDGE,
     .instance_size = sizeof(PnvPHB),
     .class_init    = pnv_phb_class_init,
+    .secure        = true,
 };
 
 static const TypeInfo pnv_phb_root_port_info = {
@@ -341,6 +342,7 @@ static const TypeInfo pnv_phb_root_port_info = {
     .parent        = TYPE_PCIE_ROOT_PORT,
     .instance_size = sizeof(PnvPHBRootPort),
     .class_init    = pnv_phb_root_port_class_init,
+    .secure        = true,
 };
 
 static void pnv_phb_register_types(void)
diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
index 5d8383fac3..ff0ee5be4d 100644
--- a/hw/pci-host/pnv_phb3.c
+++ b/hw/pci-host/pnv_phb3.c
@@ -900,6 +900,7 @@ static const TypeInfo pnv_phb3_iommu_memory_region_info = {
     .parent = TYPE_IOMMU_MEMORY_REGION,
     .name = TYPE_PNV_PHB3_IOMMU_MEMORY_REGION,
     .class_init = pnv_phb3_iommu_memory_region_class_init,
+    .secure = true,
 };
 
 /*
@@ -1113,6 +1114,7 @@ static const TypeInfo pnv_phb3_type_info = {
     .instance_size = sizeof(PnvPHB3),
     .class_init    = pnv_phb3_class_init,
     .instance_init = pnv_phb3_instance_init,
+    .secure        = true,
 };
 
 static void pnv_phb3_root_bus_get_prop(Object *obj, Visitor *v,
@@ -1176,6 +1178,7 @@ static const TypeInfo pnv_phb3_root_bus_info = {
     .parent = TYPE_PCIE_BUS,
     .instance_size = sizeof(PnvPHB3RootBus),
     .class_init = pnv_phb3_root_bus_class_init,
+    .secure = true,
 };
 
 static void pnv_phb3_register_types(void)
diff --git a/hw/pci-host/pnv_phb3_msi.c b/hw/pci-host/pnv_phb3_msi.c
index 3a83311faf..265b6d155e 100644
--- a/hw/pci-host/pnv_phb3_msi.c
+++ b/hw/pci-host/pnv_phb3_msi.c
@@ -306,6 +306,7 @@ static const TypeInfo phb3_msi_info = {
     .class_init = phb3_msi_class_init,
     .class_size = sizeof(ICSStateClass),
     .instance_init = phb3_msi_instance_init,
+    .secure = true,
 };
 
 static void pnv_phb3_msi_register_types(void)
diff --git a/hw/pci-host/pnv_phb3_pbcq.c b/hw/pci-host/pnv_phb3_pbcq.c
index 1f7a149580..687c832515 100644
--- a/hw/pci-host/pnv_phb3_pbcq.c
+++ b/hw/pci-host/pnv_phb3_pbcq.c
@@ -354,6 +354,7 @@ static const TypeInfo pnv_pbcq_type_info = {
     .instance_size = sizeof(PnvPBCQState),
     .instance_init = phb3_pbcq_instance_init,
     .class_init    = pnv_pbcq_class_init,
+    .secure        = true,
     .interfaces    = (const InterfaceInfo[]) {
         { TYPE_PNV_XSCOM_INTERFACE },
         { }
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 18992054e8..4dc9730740 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1374,6 +1374,7 @@ static const TypeInfo pnv_phb4_iommu_memory_region_info = {
     .parent = TYPE_IOMMU_MEMORY_REGION,
     .name = TYPE_PNV_PHB4_IOMMU_MEMORY_REGION,
     .class_init = pnv_phb4_iommu_memory_region_class_init,
+    .secure = true,
 };
 
 /*
@@ -1715,6 +1716,7 @@ static const TypeInfo pnv_phb4_type_info = {
     .instance_init = pnv_phb4_instance_init,
     .instance_size = sizeof(PnvPHB4),
     .class_init    = pnv_phb4_class_init,
+    .secure        = true,
     .interfaces = (const InterfaceInfo[]) {
             { TYPE_XIVE_NOTIFIER },
             { },
@@ -1725,6 +1727,7 @@ static const TypeInfo pnv_phb5_type_info = {
     .name          = TYPE_PNV_PHB5,
     .parent        = TYPE_PNV_PHB4,
     .instance_size = sizeof(PnvPHB4),
+    .secure        = true,
 };
 
 static void pnv_phb4_root_bus_get_prop(Object *obj, Visitor *v,
@@ -1788,6 +1791,7 @@ static const TypeInfo pnv_phb4_root_bus_info = {
     .parent = TYPE_PCIE_BUS,
     .instance_size = sizeof(PnvPHB4RootBus),
     .class_init = pnv_phb4_root_bus_class_init,
+    .secure = true,
 };
 
 static void pnv_phb4_register_types(void)
diff --git a/hw/pci-host/pnv_phb4_pec.c b/hw/pci-host/pnv_phb4_pec.c
index 5bac1c42ed..5f437af7a6 100644
--- a/hw/pci-host/pnv_phb4_pec.c
+++ b/hw/pci-host/pnv_phb4_pec.c
@@ -388,6 +388,7 @@ static const TypeInfo pnv_pec_type_info = {
     .instance_size = sizeof(PnvPhb4PecState),
     .class_init    = pnv_pec_class_init,
     .class_size    = sizeof(PnvPhb4PecClass),
+    .secure        = true,
     .interfaces    = (const InterfaceInfo[]) {
         { TYPE_PNV_XSCOM_INTERFACE },
         { }
@@ -445,6 +446,7 @@ static const TypeInfo pnv_phb5_pec_type_info = {
     .instance_size = sizeof(PnvPhb4PecState),
     .class_init    = pnv_phb5_pec_class_init,
     .class_size    = sizeof(PnvPhb4PecClass),
+    .secure        = true,
     .interfaces    = (const InterfaceInfo[]) {
         { TYPE_PNV_XSCOM_INTERFACE },
         { }
diff --git a/hw/pci-host/ppc440_pcix.c b/hw/pci-host/ppc440_pcix.c
index 744b85e49c..189b375bfa 100644
--- a/hw/pci-host/ppc440_pcix.c
+++ b/hw/pci-host/ppc440_pcix.c
@@ -532,6 +532,7 @@ static const TypeInfo ppc440_pcix_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(PPC440PCIXState),
     .class_init    = ppc440_pcix_class_init,
+    .secure        = false,
 };
 
 static void ppc440_pcix_register_types(void)
diff --git a/hw/pci-host/ppc4xx_pci.c b/hw/pci-host/ppc4xx_pci.c
index 2547817688..51fa5cbe74 100644
--- a/hw/pci-host/ppc4xx_pci.c
+++ b/hw/pci-host/ppc4xx_pci.c
@@ -370,6 +370,7 @@ static const TypeInfo ppc4xx_host_bridge_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init    = ppc4xx_host_bridge_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -389,6 +390,7 @@ static const TypeInfo ppc4xx_pcihost_info = {
     .parent        = TYPE_PCI_HOST_BRIDGE,
     .instance_size = sizeof(PPC4xxPCIState),
     .class_init    = ppc4xx_pcihost_class_init,
+    .secure        = false,
 };
 
 static void ppc4xx_pci_register_types(void)
diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c
index 975d191ccb..40b89af66d 100644
--- a/hw/pci-host/ppce500.c
+++ b/hw/pci-host/ppce500.c
@@ -527,6 +527,7 @@ static const TypeInfo e500_pci_types[] = {
         .parent        = TYPE_PCI_DEVICE,
         .instance_size = sizeof(PPCE500PCIBridgeState),
         .class_init    = e500_host_bridge_class_init,
+        .secure        = false,
         .interfaces    = (const InterfaceInfo[]) {
             { INTERFACE_CONVENTIONAL_PCI_DEVICE },
             { },
@@ -537,6 +538,7 @@ static const TypeInfo e500_pci_types[] = {
         .parent        = TYPE_PCI_HOST_BRIDGE,
         .instance_size = sizeof(PPCE500PCIState),
         .class_init    = e500_pcihost_class_init,
+        .secure        = false,
     },
 };
 
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 1951ae440c..a5e9f2f59e 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -258,6 +258,7 @@ static const TypeInfo q35_host_info = {
     .instance_size = sizeof(Q35PCIHost),
     .instance_init = q35_host_initfn,
     .class_init = q35_host_class_init,
+    .secure = true,
 };
 
 /****************************************************************************
@@ -703,6 +704,7 @@ static const TypeInfo mch_info = {
     .parent = TYPE_PCI_DEVICE,
     .instance_size = sizeof(MCHPCIState),
     .class_init = mch_class_init,
+    .secure = true,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
index f8c0be5d21..6fd4f4f6df 100644
--- a/hw/pci-host/raven.c
+++ b/hw/pci-host/raven.c
@@ -363,6 +363,7 @@ static const TypeInfo raven_info = {
     .parent = TYPE_PCI_DEVICE,
     .instance_size = sizeof(RavenPCIState),
     .class_init = raven_class_init,
+    .secure = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -384,6 +385,7 @@ static const TypeInfo raven_pcihost_info = {
     .instance_size = sizeof(PREPPCIState),
     .instance_init = raven_pcihost_initfn,
     .class_init = raven_pcihost_class_init,
+    .secure = false,
 };
 
 static void raven_register_types(void)
diff --git a/hw/pci-host/remote.c b/hw/pci-host/remote.c
index e6d2af4502..b17a4da6fe 100644
--- a/hw/pci-host/remote.c
+++ b/hw/pci-host/remote.c
@@ -64,6 +64,7 @@ static const TypeInfo remote_pcihost_info = {
     .parent = TYPE_PCIE_HOST_BRIDGE,
     .instance_size = sizeof(RemotePCIHost),
     .class_init = remote_pcihost_class_init,
+    .secure = true,
 };
 
 static void remote_pcihost_register(void)
diff --git a/hw/pci-host/sabre.c b/hw/pci-host/sabre.c
index 538624c507..d2ae46695c 100644
--- a/hw/pci-host/sabre.c
+++ b/hw/pci-host/sabre.c
@@ -477,6 +477,7 @@ static const TypeInfo sabre_pci_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(SabrePCIState),
     .class_init    = sabre_pci_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -516,6 +517,7 @@ static const TypeInfo sabre_info = {
     .instance_size = sizeof(SabreState),
     .instance_init = sabre_init,
     .class_init    = sabre_class_init,
+    .secure        = false,
 };
 
 static void sabre_register_types(void)
diff --git a/hw/pci-host/sh_pci.c b/hw/pci-host/sh_pci.c
index 62fb945075..d18832ac98 100644
--- a/hw/pci-host/sh_pci.c
+++ b/hw/pci-host/sh_pci.c
@@ -180,11 +180,13 @@ static const TypeInfo sh_pcic_types[] = {
         .parent         = TYPE_PCI_HOST_BRIDGE,
         .instance_size  = sizeof(SHPCIState),
         .class_init     = sh_pcic_host_class_init,
+        .secure         = false,
     }, {
         .name           = "sh_pci_host",
         .parent         = TYPE_PCI_DEVICE,
         .instance_size  = sizeof(PCIDevice),
         .class_init     = sh_pcic_pci_class_init,
+        .secure         = false,
         .interfaces = (const InterfaceInfo[]) {
             { INTERFACE_CONVENTIONAL_PCI_DEVICE },
             { },
diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c
index 194037d6e7..1aeb008845 100644
--- a/hw/pci-host/uninorth.c
+++ b/hw/pci-host/uninorth.c
@@ -333,6 +333,7 @@ static const TypeInfo unin_main_pci_host_info = {
     .parent = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init = unin_main_pci_host_class_init,
+    .secure = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -361,6 +362,7 @@ static const TypeInfo u3_agp_pci_host_info = {
     .parent = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init = u3_agp_pci_host_class_init,
+    .secure = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
diff --git a/hw/pci-host/versatile.c b/hw/pci-host/versatile.c
index 8ea26e3ff0..a991c21a19 100644
--- a/hw/pci-host/versatile.c
+++ b/hw/pci-host/versatile.c
@@ -492,6 +492,7 @@ static const TypeInfo versatile_pci_host_info = {
     .parent        = TYPE_PCI_DEVICE,
     .instance_size = sizeof(PCIDevice),
     .class_init    = versatile_pci_host_class_init,
+    .secure        = false,
     .interfaces = (const InterfaceInfo[]) {
         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
         { },
@@ -519,6 +520,7 @@ static const TypeInfo pci_vpb_info = {
     .instance_size = sizeof(PCIVPBState),
     .instance_init = pci_vpb_init,
     .class_init    = pci_vpb_class_init,
+    .secure        = false,
 };
 
 static void pci_realview_init(Object *obj)
@@ -536,6 +538,7 @@ static const TypeInfo pci_realview_info = {
     .name          = "realview_pci",
     .parent        = TYPE_VERSATILE_PCI,
     .instance_init = pci_realview_init,
+    .secure        = false,
 };
 
 static void versatile_pci_register_types(void)
diff --git a/hw/pci-host/xen_igd_pt.c b/hw/pci-host/xen_igd_pt.c
index 5dd17ef236..892e27e32f 100644
--- a/hw/pci-host/xen_igd_pt.c
+++ b/hw/pci-host/xen_igd_pt.c
@@ -110,6 +110,7 @@ static const TypeInfo igd_passthrough_i440fx_info = {
     .parent        = TYPE_I440FX_PCI_DEVICE,
     .instance_size = sizeof(PCII440FXState),
     .class_init    = igd_passthrough_i440fx_class_init,
+    .secure        = true,
 };
 
 static void igd_pt_i440fx_register_types(void)
diff --git a/hw/pci-host/xilinx-pcie.c b/hw/pci-host/xilinx-pcie.c
index c71492de9e..4e88c51ff9 100644
--- a/hw/pci-host/xilinx-pcie.c
+++ b/hw/pci-host/xilinx-pcie.c
@@ -183,6 +183,7 @@ static const TypeInfo xilinx_pcie_host_info = {
     .instance_size = sizeof(XilinxPCIEHost),
     .instance_init = xilinx_pcie_host_init,
     .class_init = xilinx_pcie_host_class_init,
+    .secure = false,
 };
 
 static uint32_t xilinx_pcie_root_config_read(PCIDevice *d,
-- 
2.50.1