From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34165) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1adGXY-0004mK-Fi for qemu-devel@nongnu.org; Tue, 08 Mar 2016 07:15:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1adGXT-0006DF-Dy for qemu-devel@nongnu.org; Tue, 08 Mar 2016 07:15:04 -0500 References: <1455288361-30117-1-git-send-email-peter.maydell@linaro.org> <56DD9C58.7050306@redhat.com> <56DEBF6A.6070809@redhat.com> From: Paolo Bonzini Message-ID: <56DEC234.70907@redhat.com> Date: Tue, 8 Mar 2016 13:14:44 +0100 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Ard Biesheuvel Cc: Peter Maydell , qemu-arm , "Michael S. Tsirkin" , QEMU Developers , Markus Armbruster On 08/03/2016 13:13, Ard Biesheuvel wrote: > > As far as this QEMU port is concerned, having some flash in secure and > > some in non-secure is going to be useful regardless, and 64 MB is > > plenty for both the code and the data. So if users of the Trustzone > > port (which is disjoint from the KVM port in any case) can tolerate > > having the code and the variables in the same pflash file, I could > > simply move the code into the second flash, and we could reserve the > > first flash for secure (so it sits at physical address 0x0 > > Uhm, actually, the code is not even in the flash to begin with. So > having the second bank be non-secure only makes perfect sense imo Interesting, where is the code? Paolo