From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: Verifying Execution Integrity in Untrusted hypervisors
Date: Mon, 28 Jul 2014 22:27:44 +0200
Message-ID: <53D6B240.9090607@redhat.com>
References: <loom.20140725T215916-638@post.gmane.org> <53D68593.6020803@amd.com> <53D696E4.50608@siemens.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
To: Jan Kiszka <jan.kiszka@siemens.com>,
	Joel Schopp <joel.schopp@amd.com>,
	Shiva V <shivaramakrishnan740@gmail.com>, kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-wg0-f51.google.com ([74.125.82.51]:59797 "EHLO
	mail-wg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750921AbaG1U1u (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 28 Jul 2014 16:27:50 -0400
Received: by mail-wg0-f51.google.com with SMTP id b13so7817798wgh.34
        for <kvm@vger.kernel.org>; Mon, 28 Jul 2014 13:27:49 -0700 (PDT)
In-Reply-To: <53D696E4.50608@siemens.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Il 28/07/2014 20:31, Jan Kiszka ha scritto:
> The hypervisor has full control of and insight into the guest vCPU
> state. Only protecting some portions of guest memory seems insufficient.
> 
> We rather need encryption of every data that leaves the CPU or moves
> from guest to host mode (and decryption the other way around). I guess
> that would have quite some performance impact and is far from being easy
> to integrate into modern processors. But, who knows...

Intel SGX sounds somewhat like what you describe, but I'm not sure how
it's going to be virtualized.

Paolo