From: Paolo Bonzini <pbonzini@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>,
Libvirt <libvir-list@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Peter Krempa <pkrempa@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Qemu-block <qemu-block@nongnu.org>
Subject: Re: [Qemu-devel] Configuring pflash devices for OVMF firmware
Date: Thu, 31 Jan 2019 13:10:33 +0100 [thread overview]
Message-ID: <0871cdaf-6a78-1dd7-d18b-ae1337a1a54e@redhat.com> (raw)
In-Reply-To: <87bm3xcgll.fsf@dusky.pond.sub.org>
On 31/01/19 10:37, Markus Armbruster wrote:
>>
>>> Hmm, why is it okay to treat all pfl->cmd values the same when
>>> secure=on?
>> But doesn't matter. You just don't want MMIO mode to be active outside
>> SMM: all that non-SMM code want to do with the flash is read and execute
>> it, as far as they're concerned it's just ROM and the command mode is
>> nonexistent.
> Out of curiosity: what effect does secure=on have when the device is
> read-only (pflash_t member ro non-zero)?
Non-SMM code cannot execute commands. This means two things:
First, in addition to writes, there are nondestructive commands such as
read device id. Those are also inaccessible to non-SMM if secure=on.
Again, for non-SMM code it looks like your old ROM. This is not
important but...
... CFI commands, even commands that are nondestructive or writes that
fail because of readonly-ness, consist of multiple writes to the flash
device. If non-SMM code could issue a partial command, the SMM flash
driver would likely end up confused. Therefore it's probably a good
idea to make all parallel flash devices have secure=on even if the
content of the flash cannot be damaged, and that's why I never
considered anything but -global to configure the property.
Paolo
next prev parent reply other threads:[~2019-01-31 12:10 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-25 15:03 [Qemu-devel] Configuring pflash devices for OVMF firmware Markus Armbruster
2019-01-28 7:58 ` Laszlo Ersek
2019-01-28 10:39 ` Peter Maydell
2019-01-28 12:40 ` [Qemu-devel] [libvirt] " Gerd Hoffmann
2019-01-28 13:06 ` Peter Maydell
2019-01-28 14:55 ` Laszlo Ersek
2019-01-28 14:58 ` Peter Maydell
2019-01-28 15:03 ` Laszlo Ersek
2019-01-30 7:36 ` Markus Armbruster
2019-01-30 8:00 ` Gerd Hoffmann
2019-01-30 7:24 ` [Qemu-devel] " Markus Armbruster
2019-01-30 15:24 ` Peter Maydell
2019-01-30 16:44 ` Laszlo Ersek
2019-01-30 17:24 ` Peter Maydell
2019-01-31 8:52 ` Markus Armbruster
2019-01-31 10:01 ` Peter Maydell
2019-01-31 10:24 ` Markus Armbruster
2019-01-31 10:34 ` Peter Maydell
2019-01-31 12:05 ` Markus Armbruster
2019-01-30 14:13 ` Markus Armbruster
2019-01-30 14:33 ` Paolo Bonzini
2019-01-30 16:38 ` Laszlo Ersek
2019-01-31 8:33 ` Markus Armbruster
2019-01-31 9:19 ` Paolo Bonzini
2019-01-31 9:37 ` Markus Armbruster
2019-01-31 12:02 ` Laszlo Ersek
2019-01-31 12:10 ` Paolo Bonzini [this message]
2019-01-31 12:51 ` Markus Armbruster
2019-01-31 8:40 ` Markus Armbruster
2019-01-31 9:19 ` Paolo Bonzini
2019-01-31 9:41 ` Markus Armbruster
2019-01-31 10:12 ` Paolo Bonzini
2019-01-31 12:12 ` Markus Armbruster
2019-01-31 22:57 ` Paolo Bonzini
2019-01-31 23:28 ` Alexandro Sanchez Bach
2019-01-31 23:54 ` Paolo Bonzini
2019-02-01 2:49 ` Ning, Yu
2019-02-04 10:00 ` Paolo Bonzini
2019-02-01 8:58 ` Markus Armbruster
2019-01-31 11:57 ` Laszlo Ersek
2019-02-19 7:19 ` Markus Armbruster
2019-02-22 13:28 ` Markus Armbruster
2019-02-07 9:30 ` Markus Armbruster
2019-02-07 12:31 ` Laszlo Ersek
2019-02-07 13:49 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0871cdaf-6a78-1dd7-d18b-ae1337a1a54e@redhat.com \
--to=pbonzini@redhat.com \
--cc=armbru@redhat.com \
--cc=lersek@redhat.com \
--cc=libvir-list@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=pkrempa@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).