首頁 探索 說明
註冊 登入
FangSoftSoft
/
qemu
镜像来自 https://github.com/utmapp/qemu.git
2
0
複刻 0
Files 問題管理 0 Wiki
分支: utm-edition
分支列表 標籤列表
qemu
/
docs
/
devel
/
uefi-vars.rst

uefi-vars.rst 2.6 KB
永久連結 文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. ==============
    2. 

  2. UEFI variables
    3. 

  3. ==============
    4. 

  4. 

  5. Guest UEFI variable management
    6. 

  6. ==============================
    7. 

  7. 

  8. The traditional approach for UEFI Variable storage in qemu guests is
    9. 

  9. to work as close as possible to physical hardware.  That means
    10. 

  10. providing pflash as storage and leaving the management of variables
    11. 

  11. and flash to the guest.
    12. 

  12. 

  13. Secure boot support comes with the requirement that the UEFI variable
    14. 

  14. storage must be protected against direct access by the OS.  All update
    15. 

  15. requests must pass the sanity checks.  (Parts of) the firmware must
    16. 

  16. run with a higher privilege level than the OS so this can be enforced
    17. 

  17. by the firmware.  On x86 this has been implemented using System
    18. 

  18. Management Mode (SMM) in qemu and kvm, which again is the same
    19. 

  19. approach taken by physical hardware.  Only privileged code running in
    20. 

  20. SMM mode is allowed to access flash storage.
    21. 

  21. 

  22. Communication with the firmware code running in SMM mode works by
    23. 

  23. serializing the requests to a shared buffer, then trapping into SMM
    24. 

  24. mode via SMI.  The SMM code processes the request, stores the reply in
    25. 

  25. the same buffer and returns.
    26. 

  26. 

  27. Host UEFI variable service
    28. 

  28. ==========================
    29. 

  29. 

  30. Instead of running the privileged code inside the guest we can run it
    31. 

  31. on the host.  The serialization protocol can be reused.  The
    32. 

  32. communication with the host uses a virtual device, which essentially
    33. 

  33. configures the shared buffer location and size, and traps to the host
    34. 

  34. to process the requests.
    35. 

  35. 

  36. The ``uefi-vars`` device implements the UEFI virtual device.  It comes
    37. 

  37. in ``uefi-vars-x86`` and ``uefi-vars-sysbus`` flavours.  The device
    38. 

  38. reimplements the handlers needed, specifically
    39. 

  39. ``EfiSmmVariableProtocol`` and ``VarCheckPolicyLibMmiHandler``.  It
    40. 

  40. also consumes events (``EfiEndOfDxeEventGroup``,
    41. 

  41. ``EfiEventReadyToBoot`` and ``EfiEventExitBootServices``).
    42. 

  42. 

  43. The advantage of the approach is that we do not need a special
    44. 

  44. privilege level for the firmware to protect itself, i.e. it does not
    45. 

  45. depend on SMM emulation on x64, which allows the removal of a bunch of
    46. 

  46. complex code for SMM emulation from the linux kernel
    47. 

  47. (CONFIG_KVM_SMM=n).  It also allows support for secure boot on arm
    48. 

  48. without implementing secure world (el3) emulation in kvm.
    49. 

  49. 

  50. Of course there are also downsides.  The added device increases the
    51. 

  51. attack surface of the host, and we are adding some code duplication
    52. 

  52. because we have to reimplement some edk2 functionality in qemu.
    53. 

  53. 

  54. usage on x86_64
    55. 

  55. ---------------
    56. 

  56. 

  57. .. code::
    58. 

  58. 

  59.    qemu-system-x86_64 \
    60. 

  60.       -device uefi-vars-x86,jsonfile=/path/to/vars.json
    61. 

  61. 

  62. usage on aarch64
    63. 

  63. ----------------
    64. 

  64. 

  65. .. code::
    66. 

  66. 

  67.    qemu-system-aarch64 -M virt \
    68. 

  68.       -device uefi-vars-sysbus,jsonfile=/path/to/vars.json
    69.