On 2012-01-29 17:27, Avi Kivity wrote:
> On 01/29/2012 05:55 PM, Jan Kiszka wrote:
>> On 2012-01-29 16:52, Avi Kivity wrote:
>>> On 01/29/2012 05:51 PM, Avi Kivity wrote:
>>>>> Already the assumption that we find a CPU index at
>>>>> fs:0x51 is apparently hard-coding this. Or that kernel code is at
>>>>> 0x8xxxxxxx or 0xExxxxxxx.
>>>>>
>>>>> But what makes sure that we aren't patching some other obscure OS that
>>>>> doesn't comply with our assumptions but triggers the TPR access reports
>>>>> nevertheless?
>>>>
>>>> Not much, but we've never had an issue.
>>>
>>> Checking that the bios is mapped at 0x[8e]0000000 + phys should filter
>>> out most non-Windows OSes.
>>
>> Possibly.
>>
>> What about that major/minor version entries in the KPCR? Do they work,
>> and do we have a list of what should be there?
>
> We don't. But things like the IDT/GDT/TSS and especially SelfPcr look
> like good candidates.
>

So fs.base should be SelfPcr? Will check.

Jan
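The guest sanity check discussed in this thread, sketched as an added example (not code from any participant or from the project under discussion): refuse to patch unless the instruction pointer is in the expected kernel range, SelfPcr read through fs.base equals fs.base, and the CPU index at fs:0x51 is plausible. The SelfPcr offset 0x1c is an assumption taken from the publicly documented 32-bit KPCR layout; `fake_guest`, `guest_read`, `looks_like_windows_kpcr`, `demo` and the sample addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* 0x51 (CPU index) is from the thread; 0x1c (SelfPcr) is an assumption
 * taken from the publicly documented 32-bit KPCR layout. */
#define KPCR_SELF_PCR 0x1c
#define KPCR_NUMBER   0x51

/* Constructed stand-in for guest memory: one 4 KiB page at a fixed GVA. */
struct fake_guest { uint32_t base; uint8_t page[4096]; };

static bool guest_read(const struct fake_guest *g, uint32_t gva,
                       uint8_t *buf, uint32_t len)
{
    if (gva < g->base || gva - g->base > sizeof(g->page) - len)
        return false;                      /* unmapped: fail closed */
    memcpy(buf, g->page + (gva - g->base), len);
    return true;
}

/* True only if every assumption holds; the caller must not patch otherwise. */
static bool looks_like_windows_kpcr(const struct fake_guest *g, uint32_t fs_base,
                                    uint32_t ip, unsigned max_cpus)
{
    uint8_t b[4], cpu;
    uint32_t top = ip >> 28, self_pcr;

    if (top != 0x8 && top != 0xe)          /* kernel code at 0x8.../0xE... */
        return false;
    if (!guest_read(g, fs_base + KPCR_SELF_PCR, b, 4))
        return false;
    self_pcr = b[0] | b[1] << 8 | b[2] << 16 | (uint32_t)b[3] << 24;
    if (self_pcr != fs_base)               /* SelfPcr must point at the KPCR */
        return false;
    if (!guest_read(g, fs_base + KPCR_NUMBER, &cpu, 1))
        return false;
    return cpu < max_cpus;
}

/* Build a constructed KPCR page and run the check against it. */
static bool demo(uint32_t fs_base, uint32_t self_pcr, uint32_t ip, uint8_t cpu)
{
    struct fake_guest g = { .base = 0xffdff000u };
    for (int i = 0; i < 4; i++)
        g.page[KPCR_SELF_PCR + i] = (uint8_t)(self_pcr >> (8 * i));
    g.page[KPCR_NUMBER] = cpu;
    return looks_like_windows_kpcr(&g, fs_base, ip, 4);
}
```

Every failed read or mismatch returns false, so a guest that does not match the assumed layout is left unpatched.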