* Paolo Bonzini (pbonzini@xxxxxxxxxx) wrote:
> On 16/08/21 17:13, Ashish Kalra wrote:
> > > > I think that once the mirror VM starts booting and running the UEFI
> > > > code, it might be only during the PEI or DXE phase where it will
> > > > start actually running the MH code, so mirror VM probably still needs
> > > > to handle KVM_EXIT_IO when SEC phase does I/O, I can see PIC
> > > > accesses and Debug Agent initialization stuff in SEC startup code.
> > > That may be a design of the migration helper code that you were working
> > > with, but it's not necessary.
> > >
> > Actually my comments are about a more generic MH code.
>
> I don't think that would be a good idea; designing QEMU's migration helper
> interface to be as constrained as possible is a good thing. The migration
> helper is extremely security sensitive code, so it should not expose itself
> to the attack surface of the whole of QEMU.

It's also odd in that it's provided by the guest and acting on behalf of
the migration code; that's an unusually trusting relationship.

Dave

> Paolo
>

--
Dr. David Alan Gilbert / dgilbert@xxxxxxxxxx / Manchester, UK