From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Verifying Execution Integrity in Untrusted hypervisors
Date: Fri, 25 Jul 2014 22:52:04 +0200
Message-ID: <53D2C374.5050500@redhat.com>
References: <loom.20140725T215916-638@post.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
To: Shiva V <shivaramakrishnan740@gmail.com>, kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-we0-f170.google.com ([74.125.82.170]:63736 "EHLO
	mail-we0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752279AbaGYUwL (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 25 Jul 2014 16:52:11 -0400
Received: by mail-we0-f170.google.com with SMTP id w62so4871368wes.15
        for <kvm@vger.kernel.org>; Fri, 25 Jul 2014 13:52:10 -0700 (PDT)
In-Reply-To: <loom.20140725T215916-638@post.gmane.org>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 25/07/2014 22:11, Shiva V ha scritto:
> 5. Underlying hypervisor is untrusted.
> 
> Can anyone please shed any direction to proceed.I am stuck here.
> Anytime I try to make a progress, I get back to the loop where 
> vcpu and the address translations from the guest virtual pages to host
> physical pages is handled by the hypervisor and this can be altered.

If the hypervisor is untrusted, the game is over.

You could not do this on an untrusted processor, the hypervisor is the
same thing.

Paolo