Re: [Qemu-devel] [RFC PATCH 0/3] pflash_cfi01: allow reading/writing it only in secure mode

[Laszlo Ersek]

On 04/09/15 16:43, Paolo Bonzini wrote:
> 
> 
> On 09/04/2015 15:58, Edgar E. Iglesias wrote:
>> Hi Paulo,
>>
>> How would this work with XIP off the romd region?
>> Without s/ns address spaces,  CPUs in NS state will be able to execute
>> and access data while in ROMD state won't they?
> 
> Good point!  In fact, even with S/NS address spaces, the ROMD state is
> global across all CPUs, so if one CPU does a secure write all other CPUs
> would fail to access the ROM in non-secure mode.  Even if I modified
> pflash_mem_read to return ROM contents, it would fail to execute.
> 
> This works for UEFI because the reset vector is the only executable code
> in the flash.  The actual firmware volumes are compressed.

In OVMF, the reset vector and the SEC phase code run from (read-only)
flash. SEC decompresses everything else to RAM. Also, SEC does not
access read-write flash (the varstore) at all.

The above is a specialty of OVMF. In ArmVirtualizationQemu (aka AAVMF),
two further module types run from flash, after SEC: PEI_CORE, and some
PEIMs (ie. the PEI phase comes into the picture). During PEI, read-only
access to the varstore should be supported.

... I'm providing the above as "standalone facts", neither as
confirmation nor as disproof for what you wrote. I don't know enough to
combine these edk2 bits with what you wrote myself, but my hope is that
*you* can maybe combine them, if I point them out. :)

>> I may be missing something...
> 
> You may also be missing (I didn't say it) that this is for x86 not ARM. :->

Right; as long as we're focusing on OVMF "only", then everything after
SEC runs from RAM.

Thanks!
Laszlo