[Intel-gfx] Wrt golden MMIO/CFG snaphot in GVT-g

Tian, Kevin kevin.tian at intel.com
Fri May 27 10:09:07 UTC 2016


Curious why leaking BIOS configuration to VM is a security problem... Can someone elaborate this view?

From: Wang, Zhi A
Sent: Friday, May 27, 2016 6:05 PM
To: intel-gfx at lists.freedesktop.org
Cc: joonas.lahtinen at linux.intel.com; Chris Wilson; Vetter, Daniel; tvrtko.ursulin at linux.intel.com; Tian, Kevin; Lv, Zhiyuan
Subject: FW: Wrt golden MMIO/CFG snaphot in GVT-g

For me I think maybe i915 could save the snapshot for GVT, then GVT-g patch the snapshot itself, then there won't be leaking happened I think. Even we wrote a dedicated little program, we would do the same thing.

From: Wang, Zhi A
Sent: Friday, May 27, 2016 12:59 PM
To: joonas.lahtinen at linux.intel.com<mailto:joonas.lahtinen at linux.intel.com>; 'Chris Wilson' <chris at chris-wilson.co.uk<mailto:chris at chris-wilson.co.uk>>; Vetter, Daniel <daniel.vetter at intel.com<mailto:daniel.vetter at intel.com>>; tvrtko.ursulin at linux.intel.com<mailto:tvrtko.ursulin at linux.intel.com>
Cc: Tian, Kevin <kevin.tian at intel.com<mailto:kevin.tian at intel.com>>; Lv, Zhiyuan <zhiyuan.lv at intel.com<mailto:zhiyuan.lv at intel.com>>
Subject: Wrt golden MMIO/CFG snaphot in GVT-g

Hi Guys:
I received some comments on from Kevin. Mostly his concern is the burden of maintain/releasing the MMIO/CFG snapshot for customers. As we might not have all the SKUs/platform which customers have, even we release the snapshot file generator for customer, it would still bring some extra effort when customer deploying the SW. And he suggested i915 better i915 could keep the snapshot for GVT-g during module loading. As we have shared some ideas about the security problem like leaking BIOS configuration to VM, better we could elaborate more ideas and figure out a better approach. Let's discuss. :)

Thanks,
Zhi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx/attachments/20160527/c0662c70/attachment-0001.html>


More information about the Intel-gfx mailing list