|
From: | Brijesh Singh |
Subject: | Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest |
Date: | Wed, 14 Sep 2016 16:24:18 -0500 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 09/14/2016 03:38 PM, Paolo Bonzini wrote:
Paolo, this is good question, I will check this internally and come back to you.On 14/09/2016 22:29, Brijesh Singh wrote:Does the guest have to check the measured data (e.g. with a hash) too, to check that it hasn't been tampered with outside the secure processor's control? Of course this would result in garbage written to the modified page, but that might be a valid attack vector.Guest does not need to check the measurement.Can you explain why not?
Paolo
[Prev in Thread] | Current Thread | [Next in Thread] |