Message-ID: <5526A469.9060502@redhat.com>
Date: Thu, 09 Apr 2015 18:10:17 +0200
From: Laszlo Ersek
References: <1428582043-19080-1-git-send-email-pbonzini@redhat.com> <5526795F.1020802@redhat.com> <20150409135828.GO30629@toto> <5526901D.4000208@redhat.com>
In-Reply-To: <5526901D.4000208@redhat.com>
Subject: Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode
To: Paolo Bonzini, "Edgar E. Iglesias"
Cc: Peter Maydell, Peter Crosthwaite, QEMU Developers, Gerd Hoffmann

On 04/09/15 16:43, Paolo Bonzini wrote:
>
>
> On 09/04/2015 15:58, Edgar E. Iglesias wrote:
>> Hi Paolo,
>>
>> How would this work with XIP off the romd region?
>> Without s/ns address spaces, CPUs in NS state will be able to execute
>> and access data while in ROMD state won't they?
>
> Good point! In fact, even with S/NS address spaces, the ROMD state is
> global across all CPUs, so if one CPU does a secure write all other CPUs
> would fail to access the ROM in non-secure mode. Even if I modified
> pflash_mem_read to return ROM contents, it would fail to execute.
>
> This works for UEFI because the reset vector is the only executable code
> in the flash. The actual firmware volumes are compressed.
In OVMF, the reset vector and the SEC phase code run from (read-only) flash. SEC decompresses everything else to RAM. Also, SEC does not access read-write flash (the varstore) at all.

The above is a specialty of OVMF. In ArmVirtualizationQemu (aka AAVMF), two further module types run from flash, after SEC: PEI_CORE, and some PEIMs (i.e. the PEI phase comes into the picture). During PEI, read-only access to the varstore should be supported.

...

I'm providing the above as "standalone facts", neither as confirmation nor as disproof for what you wrote. I don't know enough to combine these edk2 bits with what you wrote myself, but my hope is that *you* can maybe combine them, if I point them out. :)

>> I may be missing something...
>
> You may also be missing (I didn't say it) that this is for x86 not ARM. :->

Right; as long as we're focusing on OVMF "only", then everything after SEC runs from RAM.

Thanks!
Laszlo