Some questions regarding firmware handling in the qemu driver

Gerd Hoffmann kraxel at redhat.com
Tue Jun 14 13:35:17 UTC 2022


  Hi,
 
> libvirt requires the firmware to support SMM to enable secure boot. But is
> SMM a strict requirement for secure boot? IIUC, lack of SMM makes the
> securely booted stack less secure since it is easier to tamper with it, but
> it does not prevent securely booting the components.

Well, 'less secure' is an *ahem* interesting way to frame it.  It's not
secure at all.  The guest OS can go ahead and modify UEFI variables in flash
directly, and the firmware can't stop it.

It's possible to use a build without SMM support for niche use cases,
for example for test setups verifying the secure boot certificate
checking, where broken security isn't much of a problem.

That actually was useful before x86 got SMM support, now there is little
reason to do that.

take care,
  Gerd
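The rule Gerd describes (libvirt will only enable Secure Boot on a firmware build that also brings SMM) can be checked against the firmware descriptor files libvirt reads from /usr/share/qemu/firmware. The script below is an added example written for this page, not code from the mail thread, from libvirt or from QEMU: it models that rule over constructed descriptors in the layout of QEMU's docs/interop/firmware.json, and it reports why a build is rejected. The descriptor contents, the file names and the /path/to firmware paths are made up; the "secure-boot" and "requires-smm" feature names are the real ones from the descriptor format, while the selection logic is a simplification of libvirt's own matching (assumption: libvirt additionally checks flash format, NVRAM template and other domain settings, which are left out here).

```python
import fnmatch

# Constructed firmware descriptors shaped like the files in
# /usr/share/qemu/firmware (QEMU's firmware.json interop format).
# Nothing here is a real distro-shipped descriptor; paths are placeholders.
DESCRIPTOR_FILES = {
    # Secure Boot build without SMM: the variable store stays writable
    # by the guest OS, so the Secure Boot policy cannot be enforced.
    "40-edk2-x86_64-secure-nosmm.json": {
        "description": "constructed: OVMF, Secure Boot enabled, no SMM",
        "interface-types": ["uefi"],
        "mapping": {
            "device": "flash",
            "executable": {"filename": "/path/to/OVMF_CODE.nosmm.fd", "format": "raw"},
            "nvram-template": {"filename": "/path/to/OVMF_VARS.nosmm.fd", "format": "raw"},
        },
        "targets": [{"architecture": "x86_64", "machines": ["pc-i440fx-*", "pc-q35-*"]}],
        "features": ["acpi-s3", "secure-boot"],
    },
    # Secure Boot build with SMM: variables live behind SMM, so only the
    # firmware itself can change them. This is the build libvirt wants.
    "50-edk2-x86_64-secure-enrolled.json": {
        "description": "constructed: OVMF, Secure Boot with SMM, keys enrolled",
        "interface-types": ["uefi"],
        "mapping": {
            "device": "flash",
            "executable": {"filename": "/path/to/OVMF_CODE.secboot.fd", "format": "raw"},
            "nvram-template": {"filename": "/path/to/OVMF_VARS.secboot.fd", "format": "raw"},
        },
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["acpi-s3", "enrolled-keys", "requires-smm", "secure-boot"],
    },
    # Plain build: no Secure Boot at all.
    "60-edk2-x86_64.json": {
        "description": "constructed: OVMF without Secure Boot",
        "interface-types": ["uefi"],
        "mapping": {
            "device": "flash",
            "executable": {"filename": "/path/to/OVMF_CODE.fd", "format": "raw"},
            "nvram-template": {"filename": "/path/to/OVMF_VARS.fd", "format": "raw"},
        },
        "targets": [{"architecture": "x86_64", "machines": ["pc-i440fx-*", "pc-q35-*"]}],
        "features": ["acpi-s3"],
    },
}


def check_secure_boot(descriptor):
    """Return (ok, reason): is this build usable for a Secure Boot guest?"""
    features = set(descriptor.get("features", []))
    if "secure-boot" not in features:
        return False, "build does not implement Secure Boot"
    if "requires-smm" not in features:
        return False, ("Secure Boot without SMM: the guest OS can rewrite the "
                       "variable store in flash, so the policy is not enforced")
    return True, "Secure Boot with SMM-protected variable store"


def matches_machine(descriptor, arch, machine):
    """True if one of the descriptor's targets covers arch/machine."""
    for target in descriptor.get("targets", []):
        if target.get("architecture") != arch:
            continue
        if any(fnmatch.fnmatch(machine, pat) for pat in target.get("machines", [])):
            return True
    return False


def select_secure_boot_firmware(descriptors, arch="x86_64", machine="pc-q35-7.0"):
    """Walk descriptors in file-name (priority) order like libvirt does and
    return (name_of_first_usable_build, [(name, rejection_reason), ...])."""
    rejected = []
    for name in sorted(descriptors):
        desc = descriptors[name]
        if not matches_machine(desc, arch, machine):
            rejected.append((name, f"no target for {arch}/{machine}"))
            continue
        ok, reason = check_secure_boot(desc)
        if ok:
            return name, rejected
        rejected.append((name, reason))
    return None, rejected


def domain_settings(descriptor):
    """Domain XML knobs implied by a descriptor: <loader secure=...> and,
    when the build needs SMM, <smm state='on'/> (q35 only)."""
    features = set(descriptor.get("features", []))
    settings = {"loader_secure": "yes" if "secure-boot" in features else "no"}
    if "requires-smm" in features:
        settings["smm_state"] = "on"
    return settings


if __name__ == "__main__":
    chosen, rejected = select_secure_boot_firmware(DESCRIPTOR_FILES)
    for name, why in rejected:
        print(f"rejected {name}: {why}")
    if chosen:
        print(f"selected {chosen}: {domain_settings(DESCRIPTOR_FILES[chosen])}")
    else:
        print("no usable Secure Boot firmware for this machine type")
```

Run as-is it rejects the no-SMM build with the reason from the mail, selects the SMM build and reports that the domain needs `<smm state='on'/>` alongside `<loader secure='yes'>`; with `machine="pc-i440fx-7.0"` nothing qualifies, because the only SMM-capable build targets q35.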
