qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command
Date: Wed, 14 Sep 2016 21:58:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0


On 14/09/2016 21:24, Michael S. Tsirkin wrote:
> Well limited protection is of a limited use :) Seriously, the point of
> mitigation should be blocking classes of vulenrabilities not making
> things more complex.

No, not at all.  The point of _mitigation_ is to _mitigate_ the danger
from classes of vulnerabilities, i.e. make the attack harder though
perhaps not ultimately impossible.

>> If the adversary is passive and cannot ask anything is it even an
>> adversary?  Why do you need encryption at all if you can't even ptrace QEMU?
> 
> The cover letter mentioned a read everything adversary.
> How do you read everything? Well, you probably don't but
> there could be attacks that cause kernel to leak
> contents of random memory to an attacker.

Ok, it doesn't seem too useful.

> On the software side, we should try to
> push for enabling features independently, this way more
> hardware can benefit.

We can have an "unencrypted" sev-policy that only has limited
functionality such as disabling debug.  So you could disable debug with

 -object sev-policy-unencrypted,debug=false,id=mypolicy \
 -machine ...,sev-policy=mypolicy

Paolo



reply via email to

[Prev in Thread] Current Thread [Next in Thread]