From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47068)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bkHRL-0006ZL-J1
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 17:09:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bkHRI-0005Ff-85
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 17:09:54 -0400
Received: from mx1.redhat.com ([209.132.183.28]:48238)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1bkHRI-0005FX-2J
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 17:09:52 -0400
Date: Thu, 15 Sep 2016 00:09:49 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20160915000801-mutt-send-email-mst@kernel.org>
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
	<147377822450.11859.5845767550630184079.stgit@brijesh-build-machine>
	<45717d25-176b-dd80-98cc-d91ee0e354fc@redhat.com>
	<4785aa6b-9033-cced-2436-f25a099061cf@amd.com>
	<f51a6563-51b0-16c7-241b-bbd6c3ba2f3f@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <f51a6563-51b0-16c7-241b-bbd6c3ba2f3f@redhat.com>
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on
 ROM reset in SEV-enabled guest
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>, ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, rth@twiddle.net

On Wed, Sep 14, 2016 at 10:38:58PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 22:29, Brijesh Singh wrote:
> >> Does the guest have to check the measured data (e.g. with a hash) too,
> >> to check that it hasn't been tampered with outside the secure
> >> processor's control?  Of course this would result in garbage written to
> >> the modified page, but that might be a valid attack vector.
> > 
> > Guest does not need to check the measurement.
> 
> Can you explain why not?
> 
> Paolo

For example, guest can boot in a secure environment and then be migrated
to cloud. In fact that seems much easier to manage than all the hash
based stuff.

-- 
MST