[coreboot] Patch merged into coreboot/master: 3f49a21 Remove code that enables/disables VMX in coreboot on chromebooks.
gerrit at coreboot.org
gerrit at coreboot.org
Tue Jul 24 06:55:00 CEST 2012
the following patch was just integrated into master:
commit 3f49a21848c62581852fe5de99a65a094c92c212
Author: Ronald G. Minnich <rminnich at chromium.org>
Date: Tue Jun 5 14:08:10 2012 -0700
Remove code that enables/disables VMX in coreboot on chromebooks.
There are several reasons for this:
1. It's a core setting, not a platform setting, which is bizarre. But,
we disable vmx via an SMI, and that only happens on core 0.
Hence, the code did not correctly make the same settings on all cores-
one had them disabled, the others were in an unknown state.
When (e.g.) kvm started on a vmx-enabled core, then moved to a
vmx-disabled core, the processor would reset *very* quickly.
Changing this would be messy.
2. On the CPU on link, there is something about trying to set the lock
bit that is getting a GPF.
3. It's the wrong place and time to set it. Once controlled, they can't
be changed in the kernel. The kernel is what should control this
feature, not the BIOS, as we have learned time and time again. If
somebody is in as root and can start a VM, you have a lot more to
worry about than someone starting a guest virtual machine.
Change-Id: I4f36093f1b68207251584066ccb9a6bcfeec767e
Signed-off-by: Ronald G. Minnich <rminnich at chromium.org>
Build-Tested: build bot (Jenkins) at Tue Jul 24 02:58:53 2012, giving +1
Reviewed-By: Ronald G. Minnich <rminnich at gmail.com> at Tue Jul 24 06:54:59 2012, giving +2
See http://review.coreboot.org/1276 for details.
-gerrit
More information about the coreboot
mailing list