qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first fla

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 0/4] virt: provide secure-only RAM and first flash
Date: Tue, 8 Mar 2016 13:02:50 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 

On 08/03/2016 00:34, Peter Maydell wrote:
>> > I think that, if UEFI secure boot is in use, the UEFI environment
>> > variables should also be only accessible from TrustZone, because they
>> > store the key database.  At least that's how it works on x86, where both
>> > pflash devices have the secure=on flag.
> If I understand the setup that is being used correctly, UEFI runs
> in Non-secure, so making the second flash device secure would mean
> it could not access it.
> 
> Ard, do I have that right?

The part of UEFI that accesses variables can (optionally) be moved in
secure mode.  If you don't do that, secure boot is not secure at all.
Accesses from non-secure mode do the appropriate marshaling/unmarshaling
to call into the secure driver.

Again---that's what it does on x86, but restricting variable access to
the trusted base is an important part of UEFI secure boot.

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]