Date: Wed, 14 Sep 2016 23:23:38 +0300
From: "Michael S. Tsirkin"
To: Brijesh Singh
Cc: Eduardo Habkost, crosthwaite.peter@gmail.com, armbru@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net, "Daniel P. Berrange"
Subject: Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support
Message-ID: <20160914222536-mutt-send-email-mst@kernel.org>
In-Reply-To: <6e6c9859-cd54-193a-47b5-efbb43d84ec6@amd.com>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine> <147377806784.11859.11149856529336910514.stgit@brijesh-build-machine> <20160913155807.GA2850@thinpad.lan.raisama.net> <6411b07f-4edd-390c-acca-5342ab1187ba@amd.com> <20160913220044.GY24695@thinpad.lan.raisama.net> <20160914191431-mutt-send-email-mst@kernel.org> <6e6c9859-cd54-193a-47b5-efbb43d84ec6@amd.com>

On Wed, Sep 14, 2016 at 01:46:09PM -0500, Brijesh Singh wrote:
> 7) Guest owner validates the measurement. If measurement matches then we are
> good to launch the guest. This should ensure that bootcode was not
> compromised by hypervisor.

As the hypervisor can e.g. execute said code in any order (without
touching protected memory), this seems rather like adding asserts in
code at random points. Frankly, if one is so worried about the boot
sequence, just send an already booted guest to the cloud provider.

But anyway, that's beside the point. My point is that all this
measurement dance is orthogonal to memory encryption. It happens to be
part of the same AMD CPU, but it might not be on other CPUs, and I don't
see why command line/QOM APIs should tie us to what AMD did.

-- 
MST