[Intel-gfx] Wrt golden MMIO/CFG snaphot in GVT-g

[Joonas Lahtinen]

On pe, 2016-05-27 at 10:09 +0000, Tian, Kevin wrote:
> Curious why leaking BIOS configuration to VM is a security problem…
> Can someone elaborate this view?
>  

Hi,

It is a potential vector in case we are blindly reading everything but
blacklisted registers. Whitelisting would make it less so.

But bigger problem is that it is a one more variable to the VM
boot/operation; one could make a server farm non-operational by
changing BIOS settings from one machine whose tasks are migrated to
other servers.

I think both are rather big inconvenience compared to making one-time
golden MMIO snapshot for strange SKUs.

Regards, Joonas
-- 
Joonas Lahtinen
Open Source Technology Center
Intel Corporation