From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <berrange@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 21 Feb 2017 17:33:59 +0100 (CET)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 45E1B61BB9
 for <dm-crypt@saout.de>; Tue, 21 Feb 2017 16:33:59 +0000 (UTC)
Received: from redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 v1LGXtsN020656
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <dm-crypt@saout.de>; Tue, 21 Feb 2017 11:33:58 -0500
Date: Tue, 21 Feb 2017 16:33:54 +0000
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20170221163354.GM17041@redhat.com>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
References: <517282b9-becc-aa96-602a-9b6f603d01f1@rocketmail.com>
 <20170221135807.GI17041@redhat.com>
 <20170221162124.GA22918@tansi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20170221162124.GA22918@tansi.org>
Subject: Re: [dm-crypt] General question: Encrypytion on virtual servers
 (VPS/Vserver)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Tue, Feb 21, 2017 at 05:21:24PM +0100, Arno Wagner wrote:
> On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> > On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
> [...]
> > If the attacker has access to the physical host while your VM is running,
> > then (with current hardware) there is essentially nothing you can do to
> > prevent a skilled person getting your master key out of VM memory. AMD
> > recently announced a memory encryption feature that might make it possible
> > to protect guest keys from a host attacker, but its still very early days
> > in its developement & integration into virtualization technology, so a very
> > long way off being available in any public hosting provider.
> 
> I think this is more about proteching VMs from each other than 
> from the Hypervisor, think memory deduplication, copy-on-write
> and caches that leak information from one VM to another.

Protecting the VM from the host is very much in scope of what AMD
is aiming to achieve with its SEV technology & KVM. The impl it
isn't there yet, but it is one of the intended targets.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|