[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF |
Date: |
Sun, 18 Aug 2019 21:50:34 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 |
On 17/08/19 02:20, Yao, Jiewen wrote:
> [Jiewen] That is OK. Then we MUST add the third adversary.
> -- Adversary: Simple hardware attacker, who can use device to perform DMA
> attack in the virtual world.
> NOTE: The DMA attack in the real world is out of scope. That is be handled by
> IOMMU in the real world, such as VTd. -- Please do clarify if this is TRUE.
>
> In the real world:
> #1: the SMM MUST be non-DMA capable region.
> #2: the MMIO MUST be non-DMA capable region.
> #3: the stolen memory MIGHT be DMA capable region or non-DMA capable
> region. It depends upon the silicon design.
> #4: the normal OS accessible memory - including ACPI reclaim, ACPI
> NVS, and reserved memory not included by #3 - MUST be DMA capable region.
> As such, IOMMU protection is NOT required for #1 and #2. IOMMU
> protection MIGHT be required for #3 and MUST be required for #4.
> I assume the virtual environment is designed in the same way. Please
> correct me if I am wrong.
>
Correct. The 0x30000...0x3ffff area is the only problematic one;
Igor's idea (or a variant, for example optionally remapping
0xa0000..0xaffff SMRAM to 0x30000) is becoming more and more attractive.
Paolo
- Re: [Qemu-devel] CPU hotplug using SMM with QEMU+OVMF, (continued)
- Re: [Qemu-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/15
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Laszlo Ersek, 2019/08/15
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Igor Mammedov, 2019/08/15
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/15
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Yao, Jiewen, 2019/08/15
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/16
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Yao, Jiewen, 2019/08/16
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Laszlo Ersek, 2019/08/16
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Alex Williamson, 2019/08/16
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Yao, Jiewen, 2019/08/16
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF,
Paolo Bonzini <=
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Yao, Jiewen, 2019/08/18
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/19
- Re: [Qemu-devel] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Laszlo Ersek, 2019/08/21
- Message not available
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/21
- Message not available
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/21
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Kinney, Michael D, 2019/08/21
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/22
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Laszlo Ersek, 2019/08/22
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Paolo Bonzini, 2019/08/22
- Re: [Qemu-devel] [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF, Laszlo Ersek, 2019/08/23