[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 00/16] hw/uefi: add uefi variable service
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [PATCH 00/16] hw/uefi: add uefi variable service |
|
Date: |
Wed, 22 Nov 2023 13:40:40 +0100 |
Hi,
> One option I've illustrated before is that have SVSM (or equiv)
> expose an encrypted storage service to EDK2. Given the proposed EDK2
> side protocol/modifications for variable storage, I wonder if it is
> viable for SVSM (or equiv) to replace QEMU in providing the backend
> storage impl ? IOW, host QEMU would expose a pflash to the guest,
> to which SVSM would apply full disk encryption, and then store the
> EFI variables in it
Yes. IIRC (it's been a while I've looked at the spec) the SVSM can
request that access to specific pages trap, so it could use that to
emulate the mmio/sysbus variant of the device. Not sure if that could
work for io/isa too. Another option would be to add a third interface
variant which uses SVSM service calls.
And one advantage of a rust implementation would be that integrating
with coconut-svsm (which is written in rust too) might be easier. On
the other hand the SVSM is a very different environment, the rust stdlib
is not available for example, and the way persistence is implemented
will probably look very different too. Another difference is crypto
support, qemu uses nettle / gnutls whereas svsm will probably use
openssl. So not sure how big the opportunity to share the code between
qemu and svsm on the backend side actually is.
take care,
Gerd
- Re: [PATCH 05/16] hw/uefi: add var-service-core.c, (continued)
- [PATCH 13/16] hw/uefi: add uefi-vars-sysbus device, Gerd Hoffmann, 2023/11/15
- [PATCH 04/16] hw/uefi: add var-service-guid.c, Gerd Hoffmann, 2023/11/15
- [PATCH 06/16] hw/uefi: add var-service-vars.c, Gerd Hoffmann, 2023/11/15
- [PATCH 14/16] hw/uefi: add uefi-vars-isa device, Gerd Hoffmann, 2023/11/15
- Re: [PATCH 00/16] hw/uefi: add uefi variable service, Alexander Graf, 2023/11/20