From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39144) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aYz4j-0006gG-KO for qemu-devel@nongnu.org; Thu, 25 Feb 2016 11:47:38 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aYz4i-000357-Oh for qemu-devel@nongnu.org; Thu, 25 Feb 2016 11:47:37 -0500 Received: from mail-vk0-x232.google.com ([2607:f8b0:400c:c05::232]:33711) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aYz4i-000351-KO for qemu-devel@nongnu.org; Thu, 25 Feb 2016 11:47:36 -0500 Received: by mail-vk0-x232.google.com with SMTP id k196so53440569vka.0 for ; Thu, 25 Feb 2016 08:47:36 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <1455288361-30117-1-git-send-email-peter.maydell@linaro.org> References: <1455288361-30117-1-git-send-email-peter.maydell@linaro.org> From: Peter Maydell Date: Thu, 25 Feb 2016 16:47:16 +0000 Message-ID: Content-Type: text/plain; charset=UTF-8 Subject: Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: QEMU Developers Cc: Paolo Bonzini , qemu-arm , Markus Armbruster , "Michael S. Tsirkin" Ping? Review appreciated especially for the loader.c change... thanks -- PMM On 12 February 2016 at 14:45, Peter Maydell wrote: > This patchset adds some more secure-only devices to the virt board: > (1) a 16MB secure-only RAM > (2) the first flash device is secure-only > > The second of these is strictly speaking a breaking change, but I don't > expect it in practice to break anybody: > (a) there's not much use of the secure support in virt yet > (b) anything booting a rom image from that flash if TZ is enabled > will be booting it in Secure mode anyway so will be able to access > the code -- the only thing that would stop working would be if the > guest flipped to NS and still expected to be able to access the flash > > The second flash device remains NS-accessible (with the expectation that > it will be used for NS UEFI environment variable storage). > > In particular, the ATF+OPTEE+UEFI+Linux stack still works fine with > these changes. > > > NOTE: to get the -bios option to correctly load to the secure-only > flash I had to implement a new function in loader.c. load_image_mr() > is just like load_image_targphys() except that it requests loading > to a MemoryRegion rather than a physaddr. I think we can also use this > to clean up the Sparc cg3 and tcx display devices, which currently take > a qdev property which is "the address I'm going to be mapped at" > purely so they can use load_image_targphys() to load their ROMs. > > I have to say I found the loader.c code a bit confusing (it has some > support for "load image to MR" already, but it seems to be tangled > up with the fw_cfg and PC option rom support); review of that > patch in particular appreciated. > > thanks > -- PMM > > Peter Maydell (4): > hw/arm/virt: Provide a secure-only RAM if booting in Secure mode > loader: Add load_image_mr() to load ROM image to a MemoryRegion > hw/arm/virt: Load bios image to MemoryRegion, not physaddr > hw/arm/virt: Make first flash device Secure-only if booting secure > > hw/arm/virt.c | 118 ++++++++++++++++++++++++++++++++++++++------------ > hw/core/loader.c | 35 +++++++++++++-- > include/hw/arm/virt.h | 1 + > include/hw/loader.h | 18 +++++++- > 4 files changed, 138 insertions(+), 34 deletions(-)