From: Paolo Bonzini
Date: Thu, 09 Apr 2015 16:43:41 +0200
Subject: Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode
To: "Edgar E. Iglesias"
Cc: Peter Maydell, Peter Crosthwaite, Laszlo Ersek, QEMU Developers, Gerd Hoffmann
Message-ID: <5526901D.4000208@redhat.com>
In-Reply-To: <20150409135828.GO30629@toto>
References: <1428582043-19080-1-git-send-email-pbonzini@redhat.com> <5526795F.1020802@redhat.com> <20150409135828.GO30629@toto>

On 09/04/2015 15:58, Edgar E. Iglesias wrote:
> Hi Paulo,
>
> How would this work with XIP off the romd region?
> Without s/ns address spaces, CPUs in NS state will be able to execute
> and access data while in ROMD state won't they?

Good point! In fact, even with S/NS address spaces, the ROMD state is global across all CPUs, so if one CPU does a secure write all other CPUs would fail to access the ROM in non-secure mode. Even if I modified pflash_mem_read to return ROM contents, it would fail to execute.

This works for UEFI because the reset vector is the only executable code in the flash. The actual firmware volumes are compressed.

> I may be missing something...

You may also be missing (I didn't say it) that this is for x86 not ARM.
:->

Paolo
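The cross-CPU effect Paolo describes, as an added toy model that is not QEMU code and not part of the thread: one device-global ROMD flag shared by every CPU, so a secure CPU's write command flips the whole flash into MMIO mode and a non-secure CPU that was executing in place from the same region can still read data through the device callback but can no longer fetch instructions. The model assumes (as labelled in the comments) that the first write command leaves ROMD mode, that a "read array" command restores it, and that the RFC's secure-only gate is applied to writes while reads stay open so NS XIP is possible at all; the `secure_only` field, the `cpu` struct and the scenario helpers are hypothetical names for this illustration.

```c
/* Toy model of the device-global ROMD-mode switch on a pflash-style ROM
 * device.  Added illustration, NOT QEMU code.  Assumptions: a write command
 * leaves ROMD mode, a "read array" command restores it, and the RFC's
 * secure-only gate applies to writes only so NS CPUs can still XIP. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_SIZE 64

enum access_result {
    ACCESS_OK,
    ACCESS_DENIED,         /* rejected by the (hypothetical) secure-only gate */
    ACCESS_NOT_EXECUTABLE, /* region is in MMIO mode: data only, no fetch */
};

struct flash_dev {
    uint8_t storage[FLASH_SIZE];
    bool romd;        /* one flag for the whole device, shared by every CPU */
    bool secure_only; /* hypothetical: model of the RFC's write gating */
};

struct cpu {
    int id;
    bool secure;      /* S or NS state of the CPU issuing the access */
};

static void flash_init(struct flash_dev *f, bool secure_only)
{
    memset(f->storage, 0x90, sizeof f->storage); /* constructed contents: x86 NOPs */
    f->romd = true;
    f->secure_only = secure_only;
}

/* Write command: gated on secure state, and it flips the global ROMD flag. */
static enum access_result flash_write(struct flash_dev *f, const struct cpu *c,
                                      unsigned off, uint8_t v)
{
    if (off >= FLASH_SIZE || (f->secure_only && !c->secure))
        return ACCESS_DENIED;
    f->romd = false;            /* assumption: first write leaves ROMD mode */
    f->storage[off] = v;
    return ACCESS_OK;
}

/* "Read array" command returns the device to ROMD mode (assumption). */
static void flash_read_array(struct flash_dev *f)
{
    f->romd = true;
}

/* Data read: in ROMD mode a plain RAM read, otherwise the device's MMIO read
 * callback, modelled here as handing back the array contents. */
static enum access_result flash_read(const struct flash_dev *f, const struct cpu *c,
                                     unsigned off, uint8_t *out)
{
    (void)c;                    /* reads are not gated, so NS XIP is possible */
    if (off >= FLASH_SIZE)
        return ACCESS_DENIED;
    *out = f->storage[off];
    return ACCESS_OK;
}

/* Instruction fetch: only possible while the region is RAM-backed (ROMD). */
static enum access_result cpu_fetch(const struct flash_dev *f, const struct cpu *c,
                                    unsigned off, uint8_t *out)
{
    if (off >= FLASH_SIZE)
        return ACCESS_DENIED;
    if (!f->romd)
        return ACCESS_NOT_EXECUTABLE;
    return flash_read(f, c, off, out);
}

/* The thread's sequence: CPU 0 issues a write while CPU 1 (NS) executes from
 * the flash.  Returns CPU 1's fetch result after the write (and, optionally,
 * after a read-array command). */
static enum access_result ns_fetch_scenario(bool writer_secure, bool restore_romd)
{
    struct flash_dev f;
    struct cpu writer = { 0, writer_secure }, ns = { 1, false };
    uint8_t b;

    flash_init(&f, true);
    cpu_fetch(&f, &ns, 0, &b);          /* NS XIP works while in ROMD mode */
    flash_write(&f, &writer, 8, 0xCC);  /* accepted only from a secure CPU */
    if (restore_romd)
        flash_read_array(&f);
    return cpu_fetch(&f, &ns, 0, &b);
}

/* Same sequence, but a data read by the NS CPU: returns the byte, or -1. */
static int ns_data_read_after_secure_write(void)
{
    struct flash_dev f;
    struct cpu s = { 0, true }, ns = { 1, false };
    uint8_t b;

    flash_init(&f, true);
    flash_write(&f, &s, 0, 0x55);
    return flash_read(&f, &ns, 0, &b) == ACCESS_OK ? b : -1;
}

int main(void)
{
    enum access_result r = ns_fetch_scenario(true, false);
    printf("NS fetch after a secure write: %s\n",
           r == ACCESS_OK ? "ok" : r == ACCESS_DENIED ? "denied" : "not executable");
    return 0;
}
```

The interesting case is `ns_fetch_scenario(true, false)`: the NS write is refused and changes nothing, but the accepted secure write switches the shared `romd` flag and the NS CPU's next fetch fails even though `flash_read` still returns the data, which is exactly why returning ROM contents from the MMIO read callback would not be enough; only a read-array command (the `restore_romd` branch) makes the region executable again for everyone.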