On Tue, Oct 11, 2022 at 10:29:45AM +0100, Peter Maydell wrote:
> On Tue, 11 Oct 2022 at 09:41, Laurent Vivier <laur...@vivier.eu> wrote:
> >
> > On 03/10/2022 at 13:02, Jason A. Donenfeld wrote:
> > > Rather than poking directly into RAM, add the bootinfo block as a proper
> > > ROM, so that it's restored when rebooting the system. This way, if the
> > > guest corrupts any of the bootinfo items, but then tries to reboot,
> > > it'll still be restored back to normal as expected.
> > >
> > > Then, since the RNG seed needs to be fresh on each boot, regenerate the
> > > RNG seed in the ROM when resetting the CPU.
> >
> > As it's needed to be refreshed, I think it would be better not to use a ROM
> > and to regenerate all the bootinfo data on the reset.
>
> I quite liked the use of a rom blob in this patch -- it gets rid
> of a lot of direct stl_phys() calls (which is a semi-deprecated
> API because it ignores the possibility of failure).

A ROM is also how other archs do it. I'm good either way though.

Laurent/Peter - can you guys decide something and let me know if I need a v+1 that avoids the ROM, or if you'll go with this v3 that uses the ROM? Just make a decision, and I'll follow it.

Jason