From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: Kevin O'Connor <kevin@koconnor.net>,
"Michael S. Tsirkin" <mst@redhat.com>
Cc: imammedo@redhat.com, qemu-devel@nongnu.org, quan.xu@intel.com
Subject: Re: [Qemu-devel] [PATCH v3 3/6] Support Physical Presence Interface Spec
Date: Tue, 02 Jun 2015 12:18:58 -0400 [thread overview]
Message-ID: <556DD772.3050807@linux.vnet.ibm.com> (raw)
In-Reply-To: <20150602151831.GA28908@morn.localdomain>
On 06/02/2015 11:18 AM, Kevin O'Connor wrote:
> On Tue, Jun 02, 2015 at 04:46:06PM +0200, Michael S. Tsirkin wrote:
>> On Tue, Jun 02, 2015 at 10:28:52AM -0400, Stefan Berger wrote:
>>> How would I mark the DataTableRegion as AddressRangeReserved or would it
>>> automatically be?
>> It's automatically either AddressRangeReserved or AddressRangeNVS.
>> It doesn't look like you have control over which it is.
>> seabios makes it reserved, nvs makes it
> As I understand it, Stefan wants to do something a little unusual
> here. The goal is to allow the guest OS to send a signal to the BIOS
> on the next boot, because the TPM stuff only allows the BIOS to change
> certain settings immediately after the machine has booted (or
> rebooted). So, the idea is to allow the guest OS to put some code in
> reserved memory that is at a consistent address so that on a reboot
> seabios can find that code and take the corresponding action. The
> memory has to be non-volatile across reboots, and it must be someplace
> that can be found prior to it being zero'd or overwritten by any init
> process.
>
> Did I understand this correctly?
Correct.
>
> If so, I don't see how the normal QEMU <-> seabios ACPI table
> deployment mechanism will help here. SeaBIOS does reserve the space,
> but nothing prevents SeaBIOS from overwriting it before extracting any
> updates from a previous boot.
>
> As an aside, I thought putting the updates in a "reserved area" of the
> TPM chip was a simple solution to this problem. That way, it's easy
> for the guest OS and SeaBIOS to know where the codes will be stored,
> and no chance any init process will overwrite it by accident.
>
> For reference, the original solution was for SeaBIOS to declare an
> area of reserved memory and do it in such a way that the address would
> be consistent across reboots and would not be overwritten by any init
> process. The problem with this approach was that the guest OS didn't
> implicitly know where that area of memory was, and it had to "table
> scan" to find the address - that was deemed too ugly.
>
> -Kevin
>
next prev parent reply other threads:[~2015-06-02 16:19 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-26 21:33 [Qemu-devel] [PATCH v3 0/6] Extend TPM support with a QEMU-external TPM Stefan Berger
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 1/6] Provide support for the CUSE TPM Stefan Berger
2015-05-26 23:05 ` Eric Blake
2015-05-27 1:53 ` Stefan Berger
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 2/6] Introduce RAM location in vendor specific area in TIS Stefan Berger
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 3/6] Support Physical Presence Interface Spec Stefan Berger
2015-05-31 18:11 ` Michael S. Tsirkin
2015-06-02 3:11 ` Stefan Berger
2015-06-02 9:15 ` Michael S. Tsirkin
2015-06-02 13:22 ` Stefan Berger
2015-06-02 13:30 ` Michael S. Tsirkin
2015-06-02 14:28 ` Stefan Berger
2015-06-02 14:46 ` Michael S. Tsirkin
2015-06-02 15:06 ` Stefan Berger
2015-06-02 15:11 ` Michael S. Tsirkin
2015-06-02 16:28 ` Stefan Berger
2015-06-02 15:18 ` Kevin O'Connor
2015-06-02 16:18 ` Stefan Berger [this message]
2015-06-02 15:00 ` Michael S. Tsirkin
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 4/6] Introduce condition to notifiy waiters of completed command Stefan Berger
2015-05-31 18:11 ` Michael S. Tsirkin
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 5/6] Introduce condition in TPM backend for notification Stefan Berger
2015-05-26 21:33 ` [Qemu-devel] [PATCH v3 6/6] Add support for VM suspend/resume for TPM TIS Stefan Berger
2015-05-31 18:11 ` [Qemu-devel] [PATCH v3 0/6] Extend TPM support with a QEMU-external TPM Michael S. Tsirkin
2015-06-02 13:17 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=556DD772.3050807@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=imammedo@redhat.com \
--cc=kevin@koconnor.net \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quan.xu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.