From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Tue, 21 Feb 2017 19:14:55 +0100 (CET)
Received: from gatewagner.dyndns.org (77-56-144-126.dclient.hispeed.ch
 [77.56.144.126]) by v1.tansi.org (Postfix) with ESMTPA id DE031140227
 for <dm-crypt@saout.de>; Tue, 21 Feb 2017 19:14:55 +0100 (CET)
Date: Tue, 21 Feb 2017 19:14:54 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20170221181454.GA25185@tansi.org>
References: <517282b9-becc-aa96-602a-9b6f603d01f1@rocketmail.com>
 <20170221135807.GI17041@redhat.com>
 <20170221162124.GA22918@tansi.org>
 <20170221163354.GM17041@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170221163354.GM17041@redhat.com>
Subject: Re: [dm-crypt] General question: Encrypytion on virtual servers
 (VPS/Vserver)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Tue, Feb 21, 2017 at 17:33:54 CET, Daniel P. Berrange wrote:
> On Tue, Feb 21, 2017 at 05:21:24PM +0100, Arno Wagner wrote:
> > On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> > > On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@rocketmail.com wrote:
> > [...]
> > > If the attacker has access to the physical host while your VM is running,
> > > then (with current hardware) there is essentially nothing you can do to
> > > prevent a skilled person getting your master key out of VM memory. AMD
> > > recently announced a memory encryption feature that might make it possible
> > > to protect guest keys from a host attacker, but its still very early days
> > > in its developement & integration into virtualization technology, so a very
> > > long way off being available in any public hosting provider.
> > 
> > I think this is more about proteching VMs from each other than 
> > from the Hypervisor, think memory deduplication, copy-on-write
> > and caches that leak information from one VM to another.
> 
> Protecting the VM from the host is very much in scope of what AMD
> is aiming to achieve with its SEV technology & KVM. The impl it
> isn't there yet, but it is one of the intended targets.

Well, _marketing_ may have put it in scope, but I very much 
doubt they can do it (because it is basically infeasible 
without taking control of the CPU away from its owner) and 
I expect AMD _engineering_ knows that.

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier