[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v7 02/13] confidential guest support: Introduce new confident
|
From: |
David Gibson |
|
Subject: |
Re: [PATCH v7 02/13] confidential guest support: Introduce new confidential guest support class |
|
Date: |
Fri, 29 Jan 2021 13:32:09 +1100 |
On Thu, Jan 21, 2021 at 09:08:07AM +0000, Dr. David Alan Gilbert wrote:
> * David Gibson (david@gibson.dropbear.id.au) wrote:
> > On Mon, Jan 18, 2021 at 06:51:24PM +0000, Dr. David Alan Gilbert wrote:
> > > * David Gibson (david@gibson.dropbear.id.au) wrote:
> > > > Several architectures have mechanisms which are designed to protect
> > > > guest
> > > > memory from interference or eavesdropping by a compromised hypervisor.
> > > > AMD
> > > > SEV does this with in-chip memory encryption and Intel's MKTME can do
> > > ^^^^^
> > > (and below) My understanding is that it's Intel TDX that's the VM
> > > equivalent.
> >
> > I thought MKTME could already do memory encryption and TDX extended
> > that to... more? I'll adjust the comment to say TDX anyway, since
> > that seems to be the newer name.
>
> My understanding was MKTME does the memory encryption, but doesn't
> explicitly wire that into VMs or attestation of VMs or anything like
> that. TDX wires that encryption to VMs and provides all the other glue
> that goes with attestation and the like.
Ok.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
[PATCH v7 01/13] qom: Allow optional sugar props, David Gibson, 2021/01/13
[PATCH v7 03/13] sev: Remove false abstraction of flash encryption, David Gibson, 2021/01/13
[PATCH v7 07/13] confidential guest support: Introduce cgs "ready" flag, David Gibson, 2021/01/13