Re: [Qemu-devel] [PATCH] mark nic as trusted

[Blue Swirl]

On 1/11/09, Jamie Lokier <address@hidden> wrote:
>  > But we also have to think about how to support newer platforms and newer
>  > kernels and this will often mean that we have to make intrusive changes
>  > so that the integration makes everyone happy.  This does not mean that
>  > we cannot support older platforms though, we just have to do it a little
>  > differently on the older platforms.
>
>  Sure, but don't make it _deliberately_ hard to support
>  older/obscure/can't-compile-a-kernel-module guests by designing
>  something that's obviously going to require a totally different
>  mechanism on those other guests.  It would make it unnecessarily hard
>  to integrate diverse guests with management apps from different
>  authors if they do adopt the vmchannel mechanism.

I think a serial port device should be universally supported by any OS
and it's portable to many systems. Older OS may accidentally enable
forwarding between the trusted nic and other nics, this doesn't happen
with serial lines.

About the overall idea of host marking something as trusted, here are
some alternative ideas:
- guest could ask for a trusted channel and then the host would create one
- guest could ask the host to list the trusted devices
- on guest's request, host can cut an existing device from outside
world and start using that as the trusted one