From: Paolo Bonzini <pbonzini@redhat.com>
To: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
Peter Crosthwaite <peter.crosthwaite@xilinx.com>,
Laszlo Ersek <lersek@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode
Date: Thu, 09 Apr 2015 16:43:41 +0200 [thread overview]
Message-ID: <5526901D.4000208@redhat.com> (raw)
In-Reply-To: <20150409135828.GO30629@toto>
On 09/04/2015 15:58, Edgar E. Iglesias wrote:
> Hi Paulo,
>
> How would this work with XIP off the romd region?
> Without s/ns address spaces, CPUs in NS state will be able to execute
> and access data while in ROMD state won't they?
Good point! In fact, even with S/NS address spaces, the ROMD state is
global across all CPUs, so if one CPU does a secure write all other CPUs
would fail to access the ROM in non-secure mode. Even if I modified
pflash_mem_read to return ROM contents, it would fail to execute.
This works for UEFI because the reset vector is the only executable code
in the flash. The actual firmware volumes are compressed.
> I may be missing something...
You may also be missing (I didn't say it) that this is for x86 not ARM. :->
Paolo
next prev parent reply other threads:[~2015-04-09 14:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-09 12:20 [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode Paolo Bonzini
2015-04-09 12:20 ` [Qemu-devel] [PATCH 1/3] pflash_cfi01: change big-endian property to BIT type Paolo Bonzini
2015-04-09 12:20 ` [Qemu-devel] [PATCH 2/3] pflash_cfi01: change to new-style MMIO accessors Paolo Bonzini
2015-04-09 12:20 ` [Qemu-devel] [PATCH 3/3] pflash_cfi01: add secure property Paolo Bonzini
2015-04-09 12:47 ` [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode Peter Maydell
2015-04-09 13:06 ` Paolo Bonzini
2015-04-09 13:12 ` Peter Maydell
2015-04-09 13:58 ` Edgar E. Iglesias
2015-04-09 14:43 ` Paolo Bonzini [this message]
2015-04-09 16:10 ` Laszlo Ersek
2015-04-09 16:27 ` Paolo Bonzini
2015-04-09 23:30 ` Edgar E. Iglesias
2015-04-10 9:54 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5526901D.4000208@redhat.com \
--to=pbonzini@redhat.com \
--cc=edgar.iglesias@gmail.com \
--cc=kraxel@redhat.com \
--cc=lersek@redhat.com \
--cc=peter.crosthwaite@xilinx.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.