Re: [Qemu-devel] libvirt/QEMU/SEV interaction
From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] libvirt/QEMU/SEV interaction
Date: Wed, 18 Oct 2017 20:18:48 +0100
User-agent: Mutt/1.9.1 (2017-09-22)
* Michael S. Tsirkin (address@hidden) wrote:
> On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > > > > 11. GO verifies the measurement and if measurement matches then
> > > > > it may give a secret blob -- which must be injected into the guest
> > > > > before libvirt starts the VM. If verification failed, GO will
> > > > > request cloud provider to destroy the VM.
>
> I realised I'm missing something here: how does GO limit the
> secret to the specific VM? For example, what prevents hypervisor
> from launching two VMs with the same GO's DH, getting measurement
> from 1st one but injecting the secret into the second one?
Isn't that the 'trusted channel nonce currently associated with the
guest' in the guest context?
Dave
> Thanks,
>
> --
> MST
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
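The exchange above, as an added worked model that is not part of the thread and not QEMU, libvirt or SEV firmware code. It plays out Michael's scenario: the hypervisor launches two VMs from the same guest-owner session (same DH-derived TEK/TIK), hands the GO the first VM's measurement, and then tries to inject the resulting secret blob into the second VM. The reason that fails is the one Dave points at: the firmware generates a fresh nonce per launch and keeps it in the guest context, so MEASURE differs per VM, and the LAUNCH_SECRET integrity tag is computed over MEASURE. Assumptions in this model: TEK and TIK are handed over in the clear instead of being wrapped with a DH-derived KEK in the LAUNCH_START session blob; the MEASURE input omits the API version and build fields the real SEV API includes; the encryption is an HMAC-based keystream standing in for AES-CTR; and the per-launch nonce is taken to be the SEV API's MNONCE, which is one reading of Dave's "trusted channel nonce". All names (`Firmware`, `GuestOwner`, `GuestContext`, `replay_scenario`) are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed toy model of the SEV launch sequence discussed in the thread:
# LAUNCH_START -> LAUNCH_UPDATE_DATA -> LAUNCH_MEASURE -> GO verifies ->
# LAUNCH_SECRET. Not QEMU/libvirt/SEV firmware code; field layouts, the
# keystream cipher and the in-the-clear session keys are simplifications
# (assumptions) chosen to show how the per-launch nonce binds a secret to
# exactly one guest context.

TAG_MEASURE = b"\x04"   # leading byte of the MEASURE HMAC input in the SEV API
TAG_SECRET = b"\x01"    # leading byte of the LAUNCH_SECRET HMAC input


def keystream(tek: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for AES-CTR: expand TEK and IV into a keystream with HMAC-SHA256."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(tek, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class GuestContext:
    """Per-guest state the firmware keeps (GCTX in the SEV API spec)."""

    def __init__(self, policy: bytes, launch_digest: bytes, tek: bytes, tik: bytes):
        self.policy = policy
        self.launch_digest = launch_digest  # GCTX.LD: digest of the launched memory
        self.tek = tek                      # transport encryption key from the session
        self.tik = tik                      # transport integrity key from the session
        self.mnonce = os.urandom(16)        # fresh per launch, generated by firmware
        # MEASURE is keyed with TIK and covers the nonce, so it is unique per launch
        self.measure = hmac.new(
            tik, TAG_MEASURE + policy + launch_digest + self.mnonce, hashlib.sha256
        ).digest()


class Firmware:
    """Hypervisor side: LAUNCH_START/UPDATE_DATA/MEASURE and LAUNCH_SECRET."""

    def launch(self, session: dict, policy: bytes, guest_image: bytes) -> GuestContext:
        launch_digest = hashlib.sha256(guest_image).digest()
        return GuestContext(policy, launch_digest, session["tek"], session["tik"])

    def launch_secret(self, gctx: GuestContext, blob: dict):
        """Return the plaintext secret, or None if the blob is not bound to this guest."""
        expected = hmac.new(
            gctx.tik,
            TAG_SECRET + blob["iv"] + blob["ciphertext"] + gctx.measure,
            hashlib.sha256,
        ).digest()
        if not hmac.compare_digest(expected, blob["mac"]):
            return None  # MEASURE in the tag does not match this guest context
        return xor(blob["ciphertext"],
                   keystream(gctx.tek, blob["iv"], len(blob["ciphertext"])))


class GuestOwner:
    """GO side: chooses TEK/TIK for the session, verifies MEASURE, wraps the secret."""

    def __init__(self, expected_image: bytes, policy: bytes):
        self.expected_ld = hashlib.sha256(expected_image).digest()
        self.policy = policy
        self.session = {"tek": os.urandom(32), "tik": os.urandom(32)}

    def verify_measurement(self, measure: bytes, mnonce: bytes) -> bool:
        # LAUNCH_MEASURE returns MEASURE together with MNONCE, so the GO can recompute it
        expected = hmac.new(
            self.session["tik"],
            TAG_MEASURE + self.policy + self.expected_ld + mnonce,
            hashlib.sha256,
        ).digest()
        return hmac.compare_digest(expected, measure)

    def wrap_secret(self, secret: bytes, measure: bytes) -> dict:
        iv = os.urandom(16)
        ct = xor(secret, keystream(self.session["tek"], iv, len(secret)))
        mac = hmac.new(self.session["tik"], TAG_SECRET + iv + ct + measure,
                       hashlib.sha256).digest()
        return {"iv": iv, "ciphertext": ct, "mac": mac}


def replay_scenario():
    """Hypervisor launches two VMs from one GO session; GO only ever sees VM1."""
    image = b"constructed guest image"          # constructed sample input
    policy = b"\x00\x00\x00\x01"                # constructed sample policy
    go = GuestOwner(image, policy)
    fw = Firmware()
    vm1 = fw.launch(go.session, policy, image)
    vm2 = fw.launch(go.session, policy, image)  # same DH/session, different MNONCE
    assert go.verify_measurement(vm1.measure, vm1.mnonce)
    blob = go.wrap_secret(b"disk-key-0123456789abcdef", vm1.measure)
    # First injection succeeds; replaying the same blob into VM2 is rejected.
    return fw.launch_secret(vm1, blob), fw.launch_secret(vm2, blob)


if __name__ == "__main__":
    print(replay_scenario())
```

The hypervisor can replay the GO's DH key and session blob as often as it likes, but it cannot make VM2's guest context carry VM1's nonce, and the GO never signs off on anything that does not cover that nonce.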