On Sun, Nov 22, 2009 at 12:40:24PM -0500, Kevin O'Connor wrote:
> On Sun, Nov 22, 2009 at 05:38:09PM +0200, Gleb Natapov wrote:
> > On Sun, Nov 22, 2009 at 04:31:24PM +0100, Sebastian Herbszt wrote:
> > >    // Write protect bios memory.
> > >    make_bios_readonly();
> > Hmmm. How does tpr patching work then? It relies on the ability of a guest to
> > write into the BIOS memory region. Need to retest if it actually works I
> > guess.
> 
> The last time I looked, the TPR patching backend forced the "vapic"
> pages to be writable (effectively overriding the bios decision to make
> it readonly).
> 
Don't see where it does this. But now I recall that KVM doesn't support
ROM slots, so the BIOS area is always writable under KVM.

> > > Bad things could happen if someone modifies the BIOS because it's
> > > unprotected (e.g. VM crash).
> 
> I'm not sure why modification of the BIOS would cause a VM crash.  If
> this is true, then a malicious guest could unlock the ram and write to
> it for the same effect.
> 
> -Kevin

--
                        Gleb.

