RE: [Xen-ia64-devel] Time for hybrid virtualization?
Quoting "Xu, Anthony" <anthony.xu@xxxxxxxxx>:
> tgingold@xxxxxxx wrote:
> > I am worried with Sal/Pal. How do you prevent dom0 from making host
> > PAL calls?
> We have handled this before in a private project.
> Xen can know the pal_entry and sal_entry from the system_table.
> There are two methods to intercept them.
> 1. change the pal_entry and sal_entry of system_table to a faked entry
> 2. patch pal_entry and sal_entry code to jump to a faked code sequence.
> Method 2 is more secure, because native FW may store pal_entry and
> sal_entry in other places.
Let's forget method 1.
With method 2, I suppose a copy is created first (i.e., you don't patch the
host pal). I am not sure there is no direct call from EFI that bypasses the
Xen-ia64-devel mailing list