[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command |
|
Date: |
Wed, 14 Sep 2016 15:07:58 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 14/09/2016 15:05, Michael S. Tsirkin wrote:
> I assumed that with debug on, memory is still encrypted but the
> hypervisor can break encryption, and as the cover letter states, the
> hypervisor is assumed benign. If true I don't see a need to
> give users more rope.
The hypervisor is assumed benign but vulnerable.
So, if somebody breaks the hypervisor, you would like to make it as hard
as possible for the attacker to do evil stuff to the guests. If the
attacker can just ask the secure processor "decrypt some memory for me",
then the encryption is effectively broken.
Paolo
- Re: [Qemu-devel] [RFC PATCH v1 13/22] hmp: update 'info kvm' to display SEV status, (continued)
- [Qemu-devel] [RFC PATCH v1 14/22] sev: provide SEV-enabled guest RAM read/write ops, Brijesh Singh, 2016/09/13
- [Qemu-devel] [RFC PATCH v1 02/22] cpu-common: add debug version of physical memory read/write, Brijesh Singh, 2016/09/13
- [Qemu-devel] [RFC PATCH v1 09/22] sev: add SEV launch finish command, Brijesh Singh, 2016/09/13
- [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Brijesh Singh, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command,
Paolo Bonzini <=
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14