qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode
Date: Thu, 09 Apr 2015 16:43:41 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0


On 09/04/2015 15:58, Edgar E. Iglesias wrote:
> Hi Paulo,
> 
> How would this work with XIP off the romd region?
> Without s/ns address spaces,  CPUs in NS state will be able to execute
> and access data while in ROMD state won't they?

Good point!  In fact, even with S/NS address spaces, the ROMD state is
global across all CPUs, so if one CPU does a secure write all other CPUs
would fail to access the ROM in non-secure mode.  Even if I modified
pflash_mem_read to return ROM contents, it would fail to execute.

This works for UEFI because the reset vector is the only executable code
in the flash.  The actual firmware volumes are compressed.

> I may be missing something...

You may also be missing (I didn't say it) that this is for x86 not ARM. :->

Paolo



reply via email to

[Prev in Thread] Current Thread [Next in Thread]