qemu-arm

Re: [Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash


From: Peter Maydell
Subject: Re: [Qemu-arm] [PATCH 0/4] virt: provide secure-only RAM and first flash
Date: Tue, 8 Mar 2016 06:34:07 +0700

On 7 March 2016 at 22:20, Paolo Bonzini <address@hidden> wrote:
>
>
> On 12/02/2016 15:45, Peter Maydell wrote:
>> This patchset adds some more secure-only devices to the virt board:
>>  (1) a 16MB secure-only RAM
>>  (2) the first flash device is secure-only
>>
>> The second of these is strictly speaking a breaking change, but I don't
>> expect it in practice to break anybody:
>>  (a) there's not much use of the secure support in virt yet
>>  (b) anything booting a rom image from that flash if TZ is enabled
>>   will be booting it in Secure mode anyway so will be able to access
>>   the code -- the only thing that would stop working would be if the
>>   guest flipped to NS and still expected to be able to access the flash
>>
>> The second flash device remains NS-accessible (with the expectation that
>> it will be used for NS UEFI environment variable storage).
>
> I think that, if UEFI secure boot is in use, the UEFI environment
> variables should also be only accessible from TrustZone, because they
> store the key database.  At least that's how it works on x86, where both
> pflash devices have the secure=on flag.

If I understand the setup that is being used correctly, UEFI runs
in Non-secure, so making the second flash device secure would mean
it could not access it.

Ard, do I have that right?

thanks
-- PMM


