[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC v2 00/18] Refactor configuration of guest memory protection
|
From: |
Thiago Jung Bauermann |
|
Subject: |
Re: [RFC v2 00/18] Refactor configuration of guest memory protection |
|
Date: |
Thu, 04 Jun 2020 01:39:22 -0300 |
|
User-agent: |
mu4e 1.2.0; emacs 26.3 |
Hello David,
David Gibson <david@gibson.dropbear.id.au> writes:
> A number of hardware platforms are implementing mechanisms whereby the
> hypervisor does not have unfettered access to guest memory, in order
> to mitigate the security impact of a compromised hypervisor.
>
> AMD's SEV implements this with in-cpu memory encryption, and Intel has
> its own memory encryption mechanism. POWER has an upcoming mechanism
> to accomplish this in a different way, using a new memory protection
> level plus a small trusted ultravisor. s390 also has a protected
> execution environment.
>
> The current code (committed or draft) for these features has each
> platform's version configured entirely differently. That doesn't seem
> ideal for users, or particularly for management layers.
>
> AMD SEV introduces a notionally generic machine option
> "machine-encryption", but it doesn't actually cover any cases other
> than SEV.
>
> This series is a proposal to at least partially unify configuration
> for these mechanisms, by renaming and generalizing AMD's
> "memory-encryption" property. It is replaced by a
> "guest-memory-protection" property pointing to a platform specific
> object which configures and manages the specific details.
>
> For now this series covers just AMD SEV and POWER PEF. I'm hoping it
Thank you very much for this series! Using a machine property is a nice
way of configuring this.
>From an end-user perspective, `-M pseries,guest-memory-protection` in
the command line already expresses everything that QEMU needs to know,
so having to add `-object pef-guest,id=pef0` seems a bit redundant. Is
it possible to make QEMU create the pef-guest object behind the scenes
when the guest-memory-protection property is specified?
Regardless, I was able to successfuly launch POWER PEF guests using
these patches:
Tested-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
> can be extended to cover the Intel and s390 mechanisms as well,
> though.
>
> Note: I'm using the term "guest memory protection" throughout to refer
> to mechanisms like this. I don't particular like the term, it's both
> long and not really precise. If someone can think of a succinct way
> of saying "a means of protecting guest memory from a possibly
> compromised hypervisor", I'd be grateful for the suggestion.
Is "opaque guest memory" any better? It's slightly shorter, and slightly
more precise about what the main characteristic this guest property conveys.
--
Thiago Jung Bauermann
IBM Linux Technology Center
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Dr. David Alan Gilbert, 2020/06/01
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection,
Thiago Jung Bauermann <=
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, David Gibson, 2020/06/04
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Thiago Jung Bauermann, 2020/06/04
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Paolo Bonzini, 2020/06/04
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Thiago Jung Bauermann, 2020/06/04
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Paolo Bonzini, 2020/06/04
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Thiago Jung Bauermann, 2020/06/05
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, David Gibson, 2020/06/06
- Re: [RFC v2 00/18] Refactor configuration of guest memory protection, Thiago Jung Bauermann, 2020/06/08
Re: [RFC v2 00/18] Refactor configuration of guest memory protection, David Gibson, 2020/06/04