qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] About making QEMU to LIBs!

From: Paolo Bonzini
Subject: Re: [Qemu-devel] About making QEMU to LIBs!
Date: Wed, 27 Mar 2019 14:30:03 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 
On 27/03/19 14:19, Samuel Ortiz wrote:
> Hi Paolo,
> 
> On Tue, Mar 26, 2019 at 10:07:35AM +0100, Paolo Bonzini wrote:
>> Would separate QEMU binaries be a solution?  I think I am not as opposed
>> to a "q35-lite" machine type these days, I find it preferrable to share
>> the northbridge and southbridge with Q35 and just get rid of IDE, VGA,
>> IOAPIC, legacy ISA devices etc.  The chipset would stay the same as q35
>> so that we keep secure boot,
> Excuse my ignorance, but could you explain why the chipset emulation is
> needed for secure boot?

Because currently Secure Boot requires SMM (if you don't have SMM, it is
not really secure because the key database can be overwritten by
untrusted code).  Of course you could add SMM support to your virt PCI
host bridge, and support for your virt PCI host bridge to OVMF.
However, at some point you get into diminishing returns.

The situation is more or less the same as for hotplug.  In that case,
some of the things that ICH9 is doing are still needed even if you get
rid of IOAPIC/INTX, so you still need something to will do those things.
You can pick either the existing ICH9 or a new ACPI hotplug controller,
but the code still has to be there somewhere.

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]