qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Re: [PATCH 1/2] pci: Automatically patch PCI vendor id


From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: [PATCH 1/2] pci: Automatically patch PCI vendor id and device id in PCI ROM
Date: Mon, 18 Oct 2010 14:59:09 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100915 Lightning/1.0b1 Thunderbird/3.0.8

On 10/18/2010 02:36 PM, Stefan Weil wrote:
Maybe a more perfect solution would only patch the preconfigured
rom files but not user configured files, but I don't think we
need this degree of perfection.

Generally speaking, patching third-party code is not something that we should get in the habit of doing unless we're very very sure that it's okay and we have as many checks in place as possible to avoid bad things from happening.

There are so many bad things that can happen. If attempted to support attestation in QEMU and prepopulated a virtual TPM with checksums from the BIOS and ROMs, when the virtual BIOS attempts to measure itself if we've patched the ROM underneath of it, then the measurements will fail.

In the very least, if we go this route, it has to be an optional feature.

Regards,

Anthony Liguori

Regards,
Stefan





reply via email to

[Prev in Thread] Current Thread [Next in Thread]