On 02/07/18 15:57, Igor Mammedov wrote:
> On Wed, 7 Feb 2018 08:51:58 -0500
> Stefan Berger <[email protected]> wrote:
>
>> On 01/10/2018 08:22 AM, Laszlo Ersek wrote:
>>> Stefan,
>>>
>>> On 01/09/18 20:02, Stefan Berger wrote:
>>>
> [...]
>
>
>> So the point is SMM is needed for UEFI. QEMU would need to provide the
>> ACPI code for it, which is basically a translation of the ACPI from EDK2
>> so that this could work. To support SeaBIOS as well, we would have to be
>> able to distinguish a BIOS from the UEFI on the QEMU level so that we
>> could produce different ACPI (no SMI and different OperationRegion than
>> 0xFFFF 0000 for SeaBIOS), *if* on a system with a BIOS the memory area
>> can be considered to be safe (like that EDK2 variable).
> Does KVM actually restrict access to SMM memory (implements SMRR MSRs)?

KVM does not implement SMRRs, but QEMU+KVM implement SMRAM. OVMF exposes
the Q35 TSEG region as SMRAM to the edk2 machinery. TSEG is controlled
through various chipset registers. Paolo's presentation and slides from
2015:

https://www.youtube.com/watch?v=IxLvxP1O8T8

> And even with SMRR, memory might be exposed to another cpu on
> cpu hotplug in current hotplug impl. if malicious code wins
> SIPI race in bringing up hotplugged CPU from (unprotected)
> reset state.

Yes, VCPU hotplug isn't even expected to work with SMM at the moment.
"Don't do that just yet."

https://bugzilla.redhat.com/show_bug.cgi?id=1454803

Thanks
Laszlo
