[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command |
|
Date: |
Wed, 14 Sep 2016 18:53:22 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 14/09/2016 17:02, Michael S. Tsirkin wrote:
> If you believe there are attackers that have access to the
> monitor and nothing else, then a feature to disable debugging
> is a generally useful one. But once we merge sev patchset then of course
> sev people disappear and it will be up to others to make it
> work on non-amd CPUs.
>
> Another is to help merge other parts faster. E.g. looking at what
> Daniel writes, the feature might have been over-sold so people will
> disable debugging thinking this will prevent all active attacks. Thus we
> now need to add good documentation so people know what they can actually
> expect to get from QEMU in return for disabling debugging. Why not merge
> the simple "encrypt memory part" while this documentation work is going
> on?
Encrypting memory makes no sense if anyone can ask to decrypt it. And
I'm not even sure how force-enabling debug r/w, which is literally a
single bit set in the feature register, would make the patchset simpler.
If anything, as I said already, it would make the patchset simpler to
force-*disable* it, since you don't need to introduce debug hooks that
go through the secure processor.
Paolo
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, (continued)
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [PATCH v2] virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command,
Paolo Bonzini <=
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command, Michael S. Tsirkin, 2016/09/14
[Qemu-devel] [RFC PATCH v1 08/22] sev: add SEV launch update command, Brijesh Singh, 2016/09/13
[Qemu-devel] [RFC PATCH v1 20/22] fw_cfg: sev: disable dma in real mode, Brijesh Singh, 2016/09/13