[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it
From: |
Laszlo Ersek |
Subject: |
Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode |
Date: |
Thu, 09 Apr 2015 18:10:17 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 04/09/15 16:43, Paolo Bonzini wrote:
>
>
> On 09/04/2015 15:58, Edgar E. Iglesias wrote:
>> Hi Paulo,
>>
>> How would this work with XIP off the romd region?
>> Without s/ns address spaces, CPUs in NS state will be able to execute
>> and access data while in ROMD state won't they?
>
> Good point! In fact, even with S/NS address spaces, the ROMD state is
> global across all CPUs, so if one CPU does a secure write all other CPUs
> would fail to access the ROM in non-secure mode. Even if I modified
> pflash_mem_read to return ROM contents, it would fail to execute.
>
> This works for UEFI because the reset vector is the only executable code
> in the flash. The actual firmware volumes are compressed.
In OVMF, the reset vector and the SEC phase code run from (read-only)
flash. SEC decompresses everything else to RAM. Also, SEC does not
access read-write flash (the varstore) at all.
The above is a specialty of OVMF. In ArmVirtualizationQemu (aka AAVMF),
two further module types run from flash, after SEC: PEI_CORE, and some
PEIMs (ie. the PEI phase comes into the picture). During PEI, read-only
access to the varstore should be supported.
... I'm providing the above as "standalone facts", neither as
confirmation nor as disproof for what you wrote. I don't know enough to
combine these edk2 bits with what you wrote myself, but my hope is that
*you* can maybe combine them, if I point them out. :)
>> I may be missing something...
>
> You may also be missing (I didn't say it) that this is for x86 not ARM. :->
Right; as long as we're focusing on OVMF "only", then everything after
SEC runs from RAM.
Thanks!
Laszlo
- [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Paolo Bonzini, 2015/04/09
- [Qemu-devel] [PATCH 1/3] pflash_cfi01: change big-endian property to BIT type, Paolo Bonzini, 2015/04/09
- [Qemu-devel] [PATCH 3/3] pflash_cfi01: add secure property, Paolo Bonzini, 2015/04/09
- [Qemu-devel] [PATCH 2/3] pflash_cfi01: change to new-style MMIO accessors, Paolo Bonzini, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Peter Maydell, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Paolo Bonzini, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Peter Maydell, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Edgar E. Iglesias, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Paolo Bonzini, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode,
Laszlo Ersek <=
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Paolo Bonzini, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Edgar E. Iglesias, 2015/04/09
- Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode, Peter Maydell, 2015/04/10