Some questions regarding firmware handling in the qemu driver
Jim Fehlig
jfehlig at suse.com
Thu Jun 16 14:25:24 UTC 2022
On 6/14/22 07:35, Gerd Hoffmann wrote:
> Hi,
>
>> libvirt requires the firmware to support SMM to enable secure boot. But is
>> SMM a strict requirement for secure boot? IIUC, lack of SMM makes the
>> securely booted stack less secure since it is easier to tamper with it, but
>> it does not prevent securely booting the components.
>
> Well, 'less secure' is an *ahem* interesting way to frame it. It's not
> secure at all. The guest OS can go ahead and modify UEFI variables in flash
> directly, and the firmware can't stop it.
Understood. Thanks for the clarification and thanks for sharing your knowledge
throughout this thread!

Regards,
Jim
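
An added example, not part of the original messages and not libvirt code: a static check of a libvirt domain XML that reports whether secure boot is requested and whether the SMM feature discussed above is switched on. The function name, the status strings and the sample documents (including their placeholder paths) are constructed for illustration; the check reads only the XML text and does not ask libvirt what it would fill in at startup.

```python
import xml.etree.ElementTree as ET

def secure_boot_smm_status(domain_xml):
    """Classify one domain XML: is secure boot requested, and is SMM on?"""
    root = ET.fromstring(domain_xml)
    # Explicit form: <loader secure='yes'> under <os>.
    loader = root.find("os/loader")
    requested = loader is not None and loader.get("secure") == "yes"
    # Firmware autoselection form: <feature name='secure-boot' enabled='yes'/>.
    for feat in root.findall("os/firmware/feature"):
        if feat.get("name") == "secure-boot" and feat.get("enabled") == "yes":
            requested = True
    if not requested:
        return "secure-boot-not-requested"
    smm = root.find("features/smm")
    if smm is None or smm.get("state") is None:
        return "smm-unset"  # nothing in the XML turns SMM on
    # Without SMM the guest can write the variable store in flash directly.
    return "smm-on" if smm.get("state") == "on" else "smm-off"

# Constructed sample documents; the firmware path is a placeholder.
WITH_SMM = """<domain type='kvm'>
  <os><type arch='x86_64' machine='q35'>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/path/to/CODE.secboot.fd</loader>
  </os>
  <features><acpi/><smm state='on'/></features>
</domain>"""

SMM_OFF = WITH_SMM.replace("<smm state='on'/>", "<smm state='off'/>")
SMM_MISSING = WITH_SMM.replace("<smm state='on'/>", "")

AUTOSELECT_OFF = """<domain type='kvm'>
  <os firmware='efi'><type arch='x86_64' machine='q35'>hvm</type>
    <firmware><feature enabled='yes' name='secure-boot'/></firmware>
  </os>
  <features><smm state='off'/></features>
</domain>"""

NO_SECURE_BOOT = """<domain type='kvm'>
  <os><type arch='x86_64' machine='q35'>hvm</type></os>
</domain>"""

if __name__ == "__main__":
    for name in ("WITH_SMM", "SMM_OFF", "SMM_MISSING",
                 "AUTOSELECT_OFF", "NO_SECURE_BOOT"):
        print(name, "->", secure_boot_smm_status(globals()[name]))
```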