On pe, 2016-05-27 at 10:09 +0000, Tian, Kevin wrote: > Curious why leaking BIOS configuration to VM is a security problem… > Can someone elaborate this view? > Hi, It is a potential vector in case we are blindly reading everything but blacklisted registers. Whitelisting would make it less so. But bigger problem is that it is a one more variable to the VM boot/operation; one could make a server farm non-operational by changing BIOS settings from one machine whose tasks are migrated to other servers. I think both are rather big inconvenience compared to making one-time golden MMIO snapshot for strange SKUs. Regards, Joonas -- Joonas Lahtinen Open Source Technology Center Intel Corporation _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
