Re: [Qemu-devel] libvirt/QEMU/SEV interaction

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] libvirt/QEMU/SEV interaction

From:	Michael S. Tsirkin
Subject:	Re: [Qemu-devel] libvirt/QEMU/SEV interaction
Date:	Wed, 18 Oct 2017 07:21:51 +0300

On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > >      > 11. GO verifies the measurement and if measurement matches then it 
> > > may
> > >      >  give a secret blob -- which must be injected into the guest before
> > >      >  libvirt starts the VM. If verification failed, GO will request 
> > > cloud
> > >      >  provider to destroy the VM.

I realised I'm missing something here: how does GO limit the
secret to the specific VM? For example, what prevents hypervisor
from launching two VMs with the same GO's DH, getting measurement
from 1st one but injecting the secret into the second one?

Thanks,

-- 
MST

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Laszlo Ersek, 2017/10/01
- Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Laszlo Ersek, 2017/10/01
  - Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Brijesh Singh, 2017/10/03
- Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Daniel P. Berrange, 2017/10/02
- Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Daniel P. Berrange, 2017/10/02
- Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Michael S. Tsirkin <=
  - Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Dr. David Alan Gilbert, 2017/10/18
    - Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Michael S. Tsirkin, 2017/10/18
    - Re: [Qemu-devel] libvirt/QEMU/SEV interaction, Richard Relph, 2017/10/20

Prev by Date: Re: [Qemu-devel] [PATCH v6 23/50] hack dump tb->flags and tb->cflags
Next by Date: Re: [Qemu-devel] [PATCH v2] hw/alpha/typhoon: simplify using the "unimplemented" sysbus device
Previous by thread: Re: [Qemu-devel] libvirt/QEMU/SEV interaction
Next by thread: Re: [Qemu-devel] libvirt/QEMU/SEV interaction
Index(es):
- Date
- Thread