From: Christian Leber
Subject: Re: Academic Project
Date: Wed, 4 Mar 2009 01:55:36 +0100
Message-ID: <20090304005536.GA1450@core>
References: <20090303225412.GA26841@core>
To: dinesh chandrasekaran
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Wed, Mar 04, 2009 at 06:00:40AM +0530, dinesh chandrasekaran wrote:

Hi dinesh

> 1) dom0 is another linux kernel which runs in ring 3 (IA64) along with
> other guests with more privileges.
> 2) It runs the management tools (xm) which is the point of user
> interaction for desktop virtualization.
> Hence the goal is to protect the guest memory/state from compromised dom0.

That implies the protection hardware is not controlled by the dom0 and
there is another more secure way for the administration of it and second
that the dom0 can't do anything.

The dom0 can afaik do basically anything, so it also can claim
"i'm secure domU No. 2 and i want my data!", furthermore the dom0 should
also be able to overwrite the xen kernel.

> By the way, I'm sorry I use PCIe board and not PCI.

Does not matter, it has the same latency, you'll get 10-20 MB/s memory
performance.

Christian