qemu-devel


Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM r


From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest
Date: Thu, 15 Sep 2016 00:09:49 +0300

On Wed, Sep 14, 2016 at 10:38:58PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 22:29, Brijesh Singh wrote:
> >> Does the guest have to check the measured data (e.g. with a hash) too,
> >> to check that it hasn't been tampered with outside the secure
> >> processor's control?  Of course this would result in garbage written to
> >> the modified page, but that might be a valid attack vector.
> > 
> > Guest does not need to check the measurement.
> 
> Can you explain why not?
> 
> Paolo

For example, guest can boot in a secure environment and then be migrated
to cloud. In fact that seems much easier to manage than all the hash
based stuff.

-- 
MST


