[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real m
From: |
Michael S. Tsirkin |
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode Message-ID: <address@hidden> |
Date: |
Wed, 21 Sep 2016 21:00:47 +0300 |
On Wed, Sep 14, 2016 at 10:58:08AM +0200, Paolo Bonzini wrote:
>
>
> On 14/09/2016 04:33, Michael S. Tsirkin wrote:
> > Frankly I don't understand why do you need to mess with boot at all.
> > Quoting the cover letter:
> >
> > SEV is designed to protect guest VMs from a benign but vulnerable
> > (i.e. not fully malicious) hypervisor. In particular, it reduces the
> > attack
> > surface of guest VMs and can prevent certain types of VM-escape bugs
> > (e.g. hypervisor read-anywhere) from being used to steal guest data.
> >
> > it seems highly unlikely that any secret data is used during boot.
> > So just let guest boot normally, and encrypt afterwards.
> >
> > Even assuming there are some guests that have secret data during boot,
> > I would first upstream the main part of the feature for normal guests,
> > then weight the extra security if any against the features and
> > performance lost (like slower boot times).
>
> If you can't trust boot, any encryption done afterwards is totally
> pointless.
>
> Paolo
You trust hypervisor anyway, it's all mitigation, being about making
attacks harder, isn't it? So if the attack has to happen in the window
when guest boots within BIOS, that might be good enough. Or just don't
boot in the cloud, move guest there after boot.
--
MST
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, (continued)
- [Qemu-devel] [RFC PATCH v1 08/22] sev: add SEV launch update command, Brijesh Singh, 2016/09/13
- [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Brijesh Singh, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Paolo Bonzini, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Michael S. Tsirkin, 2016/09/21
- Re: [Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Brijesh Singh, 2016/09/21
[Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Brijesh Singh, 2016/09/13