From: Jan Kiszka <jan.kiszka@siemens.com>
To: "Nakajima, Jun" <jun.nakajima@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Joel Schopp <joel.schopp@amd.com>,
Shiva V <shivaramakrishnan740@gmail.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: Verifying Execution Integrity in Untrusted hypervisors
Date: Tue, 29 Jul 2014 07:35:51 +0200 [thread overview]
Message-ID: <53D732B7.4030706@siemens.com> (raw)
In-Reply-To: <CAL54oT3rCskbh0Dik3v3Pgvu4GZyve_nGr=+wT+LuvwohOZwOw@mail.gmail.com>
On 2014-07-28 23:17, Nakajima, Jun wrote:
> On Mon, Jul 28, 2014 at 1:27 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> Il 28/07/2014 20:31, Jan Kiszka ha scritto:
>>> The hypervisor has full control of and insight into the guest vCPU
>>> state. Only protecting some portions of guest memory seems insufficient.
>>>
>>> We rather need encryption of every data that leaves the CPU or moves
>>> from guest to host mode (and decryption the other way around). I guess
>>> that would have quite some performance impact and is far from being easy
>>> to integrate into modern processors. But, who knows...
>>
>> Intel SGX sounds somewhat like what you describe, but I'm not sure how
>> it's going to be virtualized.
>>
>
> Right. It's possible to virtualize (or pass-through) SGX without
> losing the security feature.
Interesting thing. Somehow missed this so far. Fairly complicated one,
though. Still trying to wrap my head around how attestation practically
works.
> With SGX, you can create secure (encrypted) islands on processes in
> VMs as well. But I'm not sure if it's useful for solving the problem
> described.
Huh? I thought remote attestation is a key feature of SGX? That is, to
my understanding, what Shiva is looking for (though on current hardware,
which remains infeasible unfortunately).
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2014-07-29 5:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-25 20:11 Verifying Execution Integrity in Untrusted hypervisors Shiva V
2014-07-25 20:52 ` Paolo Bonzini
[not found] ` <CAAQucXZWvbE0MJyEEeo=6hkwBJi0WkmixcuCzGEXLaZX1+6ziQ@mail.gmail.com>
2014-07-25 22:06 ` Paolo Bonzini
2014-07-26 19:56 ` Andrey Korolyov
2014-07-28 17:17 ` Joel Schopp
2014-07-28 18:31 ` Jan Kiszka
2014-07-28 20:27 ` Paolo Bonzini
2014-07-28 21:17 ` Nakajima, Jun
2014-07-29 5:35 ` Jan Kiszka [this message]
2014-07-31 18:25 ` Shiva V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D732B7.4030706@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=joel.schopp@amd.com \
--cc=jun.nakajima@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=shivaramakrishnan740@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox