[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first fla
|
From: |
Peter Maydell |
|
Subject: |
Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash |
|
Date: |
Thu, 25 Feb 2016 16:47:16 +0000 |
Ping? Review appreciated especially for the loader.c change...
thanks
-- PMM
On 12 February 2016 at 14:45, Peter Maydell <address@hidden> wrote:
> This patchset adds some more secure-only devices to the virt board:
> (1) a 16MB secure-only RAM
> (2) the first flash device is secure-only
>
> The second of these is strictly speaking a breaking change, but I don't
> expect it in practice to break anybody:
> (a) there's not much use of the secure support in virt yet
> (b) anything booting a rom image from that flash if TZ is enabled
> will be booting it in Secure mode anyway so will be able to access
> the code -- the only thing that would stop working would be if the
> guest flipped to NS and still expected to be able to access the flash
>
> The second flash device remains NS-accessible (with the expectation that
> it will be used for NS UEFI environment variable storage).
>
> In particular, the ATF+OPTEE+UEFI+Linux stack still works fine with
> these changes.
>
>
> NOTE: to get the -bios option to correctly load to the secure-only
> flash I had to implement a new function in loader.c. load_image_mr()
> is just like load_image_targphys() except that it requests loading
> to a MemoryRegion rather than a physaddr. I think we can also use this
> to clean up the Sparc cg3 and tcx display devices, which currently take
> a qdev property which is "the address I'm going to be mapped at"
> purely so they can use load_image_targphys() to load their ROMs.
>
> I have to say I found the loader.c code a bit confusing (it has some
> support for "load image to MR" already, but it seems to be tangled
> up with the fw_cfg and PC option rom support); review of that
> patch in particular appreciated.
>
> thanks
> -- PMM
>
> Peter Maydell (4):
> hw/arm/virt: Provide a secure-only RAM if booting in Secure mode
> loader: Add load_image_mr() to load ROM image to a MemoryRegion
> hw/arm/virt: Load bios image to MemoryRegion, not physaddr
> hw/arm/virt: Make first flash device Secure-only if booting secure
>
> hw/arm/virt.c | 118
> ++++++++++++++++++++++++++++++++++++++------------
> hw/core/loader.c | 35 +++++++++++++--
> include/hw/arm/virt.h | 1 +
> include/hw/loader.h | 18 +++++++-
> 4 files changed, 138 insertions(+), 34 deletions(-)
- [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Peter Maydell, 2016/02/12
- [Qemu-devel] [PATCH 2/4] loader: Add load_image_mr() to load ROM image to a MemoryRegion, Peter Maydell, 2016/02/12
- [Qemu-devel] [PATCH 1/4] hw/arm/virt: Provide a secure-only RAM if booting in Secure mode, Peter Maydell, 2016/02/12
- [Qemu-devel] [PATCH 4/4] hw/arm/virt: Make first flash device Secure-only if booting secure, Peter Maydell, 2016/02/12
- [Qemu-devel] [PATCH 3/4] hw/arm/virt: Load bios image to MemoryRegion, not physaddr, Peter Maydell, 2016/02/12
- Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash, Mark Cave-Ayland, 2016/02/12
- Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash,
Peter Maydell <=