On 04/10/18 07:59, Gerd Hoffmann wrote:
>> I threw in "-kernel" because, although it also (usually?) means
>> "memory", I expected people would want it separate.
>> Regarding memory vs. pflash, I thought that these two, combined with the
>> access permissions, could cover all of RAM, ROM, and read-only and
>> read-write pflash too.
>> So, "-bios" (-> ROM) boils down to "memory", with write access denied --
>> please see the SeaBIOS example near the end.
> Hmm, I'm wondering whether it is useful to model things this way. It's
> not like you can actually configure things for -bios seabios.rom or
> -kernel uboot.elf. Only pflash allows to actually configure things, and
> there are not that many useful combinations. The code needs
> Read+Execute. Allowing Write could be useful in theory, to allow the
> guest doing firmware updates. But I think nobody actually does that, so
> in practice it is fixed. The varstore can have different permissions,
> but it's only two useful combinations. Either allow access
> unconditionally, or allow access in secure context (aka smm) only.
(I hope I understand your point right:)
I'm also fine if we simply define a fixed (but extensible) set of
mapping methods, basically a new enum type, that simply tells libvirtd
what this firmware *is*. IOW, directly reference a mapping method we
know libvirt implements, rather than give vague hints.
This could repurpose SystemFirmwareType, but it should become more
detailed. I'm thinking like:
- ovmf: split files without requiring SMM
- ovmf_smm: split files with SMM requirement
- seabios: exactly that
- ... other things others suggest.
So "ovmf" would refer precisely to point (3) in my email
and "ovmf_smm" would refer to point (4) in that email.
Let me post the next version soon with this idea, focusing just on OVMF
and maybe SeaBIOS. Then let us see if that RFCv2 format lends itself
easily to extensions by Thomas. :)