[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support |
|
Date: |
Wed, 14 Sep 2016 23:23:38 +0300 |
On Wed, Sep 14, 2016 at 01:46:09PM -0500, Brijesh Singh wrote:
> 7) Guest owner validates the measurement. If measurement matches then we are
> good to launch the guest. This should ensure that bootcode was not
> compromised by hypervisor.
As hypervisor can e.g. execute said code in any order (without touching
protected memory) this seems rather like adding asserts in code at
random points. Frankly if one is so worried about the boot sequence,
just send an already booted guest to the cloud provider.
But anyway, that's beside the point. My point is that all this
measurement dance is orthogonal to memory encryption.
It happens to be part of the same AMD CPU, but it
might not be on other CPUs, and I don't see why
should command line/QOM APIs tie us to what AMD did.
--
MST
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, (continued)
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Brijesh Singh, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Michael S. Tsirkin, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Eduardo Habkost, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Eduardo Habkost, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Daniel P. Berrange, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Michael S. Tsirkin, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support,
Michael S. Tsirkin <=
Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support, Daniel P. Berrange, 2016/09/14
[Qemu-devel] [RFC PATCH v1 18/22] i386: clear C-bit in SEV guest page table walk, Brijesh Singh, 2016/09/13
[Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Brijesh Singh, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Paolo Bonzini, 2016/09/13
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Paolo Bonzini, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Brijesh Singh, 2016/09/14
- Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region, Paolo Bonzini, 2016/09/14