On 04/09/15 16:43, Paolo Bonzini wrote:
>
> On 09/04/2015 15:58, Edgar E. Iglesias wrote:
>> Hi Paolo,
>>
>> How would this work with XIP off the romd region?
>> Without s/ns address spaces, CPUs in NS state will be able to execute
>> and access data while in ROMD state won't they?
>
> Good point! In fact, even with S/NS address spaces, the ROMD state is
> global across all CPUs, so if one CPU does a secure write all other CPUs
> would fail to access the ROM in non-secure mode. Even if I modified
> pflash_mem_read to return ROM contents, it would fail to execute.
>
> This works for UEFI because the reset vector is the only executable code
> in the flash. The actual firmware volumes are compressed.

In OVMF, the reset vector and the SEC phase code run from (read-only)
flash. SEC decompresses everything else to RAM. Also, SEC does not access
read-write flash (the varstore) at all.

The above is a specialty of OVMF. In ArmVirtualizationQemu (aka AAVMF),
two further module types run from flash, after SEC: PEI_CORE, and some
PEIMs (i.e. the PEI phase comes into the picture). During PEI, read-only
access to the varstore should be supported.

...

I'm providing the above as "standalone facts", neither as confirmation
nor as disproof for what you wrote. I don't know enough to combine these
edk2 bits with what you wrote myself, but my hope is that *you* can maybe
combine them, if I point them out. :)

>> I may be missing something...
>
> You may also be missing (I didn't say it) that this is for x86 not ARM. :->

Right; as long as we're focusing on OVMF "only", then everything after SEC
runs from RAM.

Thanks!
Laszlo