> From: Joonas Lahtinen [mailto:joonas.lahtinen@xxxxxxxxxxxxxxx]
> Sent: Friday, May 27, 2016 7:39 PM
>
> On pe, 2016-05-27 at 10:09 +0000, Tian, Kevin wrote:
> > Curious why leaking BIOS configuration to VM is a security problem…
> > Can someone elaborate this view?
> >
>
> Hi,
>
> It is a potential vector in case we are blindly reading everything but
> blacklisted registers. Whitelisting would make it less so.
>
> But bigger problem is that it is a one more variable to the VM
> boot/operation; one could make a server farm non-operational by
> changing BIOS settings from one machine whose tasks are migrated to
> other servers.

I don't think it's a real problem. In reality we'll allow migration between
machines with same generation/configuration, which is also the typical case
in data center/cloud vendors who usually provide one service with a pool of
same models.

>
> I think both are rather big inconvenience compared to making one-time
> golden MMIO snapshot for strange SKUs.
>

However there is no such golden MMIO definition in spec which works on all
SKUs. There are many states which might be SKU specific. Using a golden
state different from underlying hardware would lead to unexpected issues
and be difficult to debug.

Thanks
Kevin