From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49563) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkAJ2-0002bz-95 for qemu-devel@nongnu.org; Wed, 14 Sep 2016 09:32:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bkAIx-0003I1-GU for qemu-devel@nongnu.org; Wed, 14 Sep 2016 09:32:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35402) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkAIx-0003Hn-9O for qemu-devel@nongnu.org; Wed, 14 Sep 2016 09:32:47 -0400 Date: Wed, 14 Sep 2016 16:32:44 +0300 From: "Michael S. Tsirkin" Message-ID: <20160914163045-mutt-send-email-mst@kernel.org> References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> <147377810767.11859.4668503556528840901.stgit@brijesh-build-machine> <20160914052034-mutt-send-email-mst@kernel.org> <4f4370ee-bc29-3427-7e6e-a18d50c27ffc@redhat.com> <20160914155913-mutt-send-email-mst@kernel.org> <0fd3cbb9-9e46-9373-e989-acb45b56e8a9@redhat.com> <20160914132314.GR28399@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160914132314.GR28399@redhat.com> Subject: Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" Cc: Paolo Bonzini , Brijesh Singh , ehabkost@redhat.com, crosthwaite.peter@gmail.com, p.fedin@samsung.com, qemu-devel@nongnu.org, armbru@redhat.com, lcapitulino@redhat.com, rth@twiddle.net On Wed, Sep 14, 2016 at 02:23:14PM +0100, Daniel P. Berrange wrote: > On Wed, Sep 14, 2016 at 03:07:58PM +0200, Paolo Bonzini wrote: > > > > > > On 14/09/2016 15:05, Michael S. Tsirkin wrote: > > > I assumed that with debug on, memory is still encrypted but the > > > hypervisor can break encryption, and as the cover letter states, the > > > hypervisor is assumed benign. If true I don't see a need to > > > give users more rope. > > > > The hypervisor is assumed benign but vulnerable. > > > > So, if somebody breaks the hypervisor, you would like to make it as hard > > as possible for the attacker to do evil stuff to the guests. If the > > attacker can just ask the secure processor "decrypt some memory for me", > > then the encryption is effectively broken. > > So there's going to be a tradeoff here between use of SEV and use of > certain other features. eg, it seems that if you're using SEV, then > any concept of creating & analysing guest core dumps from the host > is out. I don't see why - as long as we don't trigger dumps, there's no leak :) > It seems that SEV on its own is insufficient - there is at least some > interaction with storage. eg merely running a guest with SEV is not > going to guarantee security if the guest OS is able to swap out to a > non-encrypted disk. You could run LUKS inside the guest but that has > a number of downsides. How to provide the decryption key for LUKS > at startup without guest admin interaction. Then there is the issue > that if you take snapshots of the guest disk in the host, this is > weakening the security of LUKS, since you're keeping around copies > of the same logical guest sector with different contents which > allows for improve crytoanalysis. These are reasons for using LUKS > on the host instead of in the guest, but then the decryption kjeys > for LUKS are in the QEMU process in memory which is (IIUC) not going > to be protected by SEV ? Unles there's a way for QEMU to do allocations > which are SEV protected for its own purposes ? > > Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| > |: http://libvirt.org -o- http://virt-manager.org :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|