From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34359)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ard.biesheuvel@linaro.org>) id 1adGYb-0005qv-Ak
	for qemu-devel@nongnu.org; Tue, 08 Mar 2016 07:16:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ard.biesheuvel@linaro.org>) id 1adGYV-0006P5-NZ
	for qemu-devel@nongnu.org; Tue, 08 Mar 2016 07:16:09 -0500
Received: from mail-io0-x22b.google.com ([2607:f8b0:4001:c06::22b]:33229)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ard.biesheuvel@linaro.org>) id 1adGYV-0006Ov-Ab
	for qemu-devel@nongnu.org; Tue, 08 Mar 2016 07:16:03 -0500
Received: by mail-io0-x22b.google.com with SMTP id n190so23657671iof.0
	for <qemu-devel@nongnu.org>; Tue, 08 Mar 2016 04:16:03 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <56DEC234.70907@redhat.com>
References: <1455288361-30117-1-git-send-email-peter.maydell@linaro.org>
	<56DD9C58.7050306@redhat.com>
	<CAFEAcA8C2VzkD=87W5Jn7X523cFZLZL6onxjKDoOcZsCPMQxZw@mail.gmail.com>
	<56DEBF6A.6070809@redhat.com>
	<CAKv+Gu9LzTTzdw5CSCDfpCyjSgB2h6+KawTTJQXSqJ7mhV_YdQ@mail.gmail.com>
	<CAKv+Gu8OgSK5+X71GLrvWLkcGcQ9=MuwOuFAsQroQTa3bWbHNA@mail.gmail.com>
	<56DEC234.70907@redhat.com>
Date: Tue, 8 Mar 2016 19:16:02 +0700
Message-ID: <CAKv+Gu-joM8MqtM=G_F7NLZEwpxLBMPeqimDwZv7yivTjYBFVQ@mail.gmail.com>
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and
	first flash
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-arm <qemu-arm@nongnu.org>, "Michael S. Tsirkin" <mst@redhat.com>, QEMU Developers <qemu-devel@nongnu.org>, Markus Armbruster <armbru@redhat.com>

On 8 March 2016 at 19:14, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 08/03/2016 13:13, Ard Biesheuvel wrote:
>> > As far as this QEMU port is concerned, having some flash in secure and
>> > some in non-secure is going to be useful regardless, and 64 MB is
>> > plenty for both the code and the data. So if users of the Trustzone
>> > port (which is disjoint from the KVM port in any case) can tolerate
>> > having the code and the variables in the same pflash file, I could
>> > simply move the code into the second flash, and we could reserve the
>> > first flash for secure (so it sits at physical address 0x0
>>
>> Uhm, actually, the code is not even in the flash to begin with. So
>> having the second bank be non-secure only makes perfect sense imo
>
> Interesting, where is the code?
>

The UEFI code is loaded into DRAM by the secure firmware, and
relocated and executed from there.