On Sun, Nov 22, 2009 at 05:38:09PM +0200, Gleb Natapov wrote:
> On Sun, Nov 22, 2009 at 04:31:24PM +0100, Sebastian Herbszt wrote:
> >    // Write protect bios memory.
> >    make_bios_readonly();
> Hmmm. How does tpr patching work then? It relies on the ability of a guest to
> write into the BIOS memory region. Need to retest if it actually works, I
> guess.

The last time I looked, the TPR patching backend forced the "vapic"
pages to be writable (effectively overriding the bios decision to make
it readonly).

> > Bad things could happen if someone modifies the BIOS because it's
> > unprotected (e.g. VM crash).

I'm not sure why modification of the BIOS would cause a VM crash.  If
this is true, then a malicious guest could unlock the ram and write to
it for the same effect.

-Kevin

