qemu-devel
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command
Date: Wed, 14 Sep 2016 15:07:58 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0


On 14/09/2016 15:05, Michael S. Tsirkin wrote:
> I assumed that with debug on, memory is still encrypted but the
> hypervisor can break encryption, and as the cover letter states, the
> hypervisor is assumed benign. If true I don't see a need to
> give users more rope.

The hypervisor is assumed benign but vulnerable.

So, if somebody breaks the hypervisor, you would like to make it as hard
as possible for the attacker to do evil stuff to the guests.  If the
attacker can just ask the secure processor "decrypt some memory for me",
then the encryption is effectively broken.

Paolo


