Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM r
From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest
Date: Thu, 15 Sep 2016 00:09:49 +0300

On Wed, Sep 14, 2016 at 10:38:58PM +0200, Paolo Bonzini wrote:
>
>
> On 14/09/2016 22:29, Brijesh Singh wrote:
> >> Does the guest have to check the measured data (e.g. with a hash) too,
> >> to check that it hasn't been tampered with outside the secure
> >> processor's control? Of course this would result in garbage written to
> >> the modified page, but that might be a valid attack vector.
> >
> > Guest does not need to check the measurement.
>
> Can you explain why not?
>
> Paolo
For example, guest can boot in a secure environment and then be migrated
to cloud. In fact that seems much easier to manage than all the hash
based stuff.
--
MST