From: Joanna Rutkowska <joanna@invisiblethingslab.com>
To: kvm@vger.kernel.org
Subject: A few KVM security questions
Date: Mon, 07 Dec 2009 14:05:23 +0100 [thread overview]
Message-ID: <4B1CFD93.7090307@invisiblethingslab.com> (raw)
Hello,

I have the following questions regarding the KVM architecture. I looked
at the slides available at linux-kvm.org, but didn't find definitive
answers. I'm also interested to learn if a given feature is or is not
planned for the near future.

The questions follow:

1) Do you have any support for para-virtualized VMs? In particular, is
it possible to move the qemu from the host to one of the VMs? Perhaps to
have a separate copy of qemu for each VM? (a la Xen's stub-domains)

2) Is it possible to have driver domains in KVM? E.g. I would like to
assign my NIC to one VM (a "network domain") and then I would like other
domains to use this network domain for networking. In the case of Xen, this
is done by moving the network backend (which is not qemu BTW) into the
network domain, and configuring the network frontends in other VMs to
talk to this network domain's backend, rather than to Dom0's backend (in
fact you can get rid of all the networking in Dom0).

3) Do you have any support for TXT-based trusted boot? I guess you
indirectly have via tboot. However, how do you deal with VT-d
protections? The tboot.gz should normally DMA-protect memory before
handing execution over to the Linux kernel. But then you need to allow your
drivers to work. Do you unprotect all the memory for DMA, or do you have
some support for selectively unprotecting only those regions of memory
which are needed by (some) drivers? If the latter, how do you determine
which memory should be DMA-unprotected?

4) Do you have some method of excluding particular PCI devices from
being initialized by your host Linux? E.g. those devices that are later
to be assigned to some VMs (via VT-d passthrough)?

Thanks, I would appreciate any answers. Please note I'm not subscribed
to the list, so I won't get your response if it is sent only to the list.
Regards,
joanna.
--
Joanna Rutkowska
Founder/CEO
Invisible Things Lab
http://invisiblethingslab.com/