[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: privileged entropy sources in QEMU/KVM guests
|
From: |
Paolo Bonzini |
|
Subject: |
Re: privileged entropy sources in QEMU/KVM guests |
|
Date: |
Thu, 7 Nov 2019 14:58:26 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 |
On 07/11/19 14:27, Laszlo Ersek wrote:
> The VirtioRngDxe driver is a UEFI driver that follows the UEFI driver
> model. Meaning (in this context), it is connected to the virtio-rng
> device in the BDS phase, by platform BDS code.
>
> Put differently, the non-privileged driver that's the source of the
> sensitive data would have to be a "platform DXE driver". The virtio
> drivers are not such drivers however.
Yes, it would have to be a platform DXE driver. What is it that limits
virtio to the BDS phase?
Paolo
Re: privileged entropy sources in QEMU/KVM guests, Laszlo Ersek, 2019/11/07
Re: privileged entropy sources in QEMU/KVM guests, Daniel P . Berrangé, 2019/11/07