[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command |
Date: |
Wed, 14 Sep 2016 16:14:04 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 14/09/2016 16:08, Eduardo Habkost wrote:
>> > If attacker can trigger things, IOW execute code in hypervisor,
>> > then encrypting memory is not useful anyway.
> I believe the whole point of SEV attestation and key management
> is to make "if attacker can executed code in hypervisor,
> encrypting memory is not useful" _not_ true, isn't it?
>
> Or are there known vulnerabilities that would allow a compromised
> hypervisor to decrypt memory even after successful
> encryption+attestation?
There are countless side channels that you can use but you have to start
somewhere, and anyway a side channel attack is way way more complex than
just "trigger a debug dump and read it".
Paolo
- [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, (continued)
- [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Brijesh Singh, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command,
Paolo Bonzini <=
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/15
- Re: [Qemu-devel] [PATCH v2] virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices, Michael S. Tsirkin, 2016/09/14