From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42435)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1bkDRE-0007YP-Pg
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 12:53:33 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1bkDRA-0001dM-QZ
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 12:53:32 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36400)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1bkDRA-0001ch-LB
	for qemu-devel@nongnu.org; Wed, 14 Sep 2016 12:53:28 -0400
References: <147377800565.11859.4411044563640180545.stgit@brijesh-build-machine>
	<147377810767.11859.4668503556528840901.stgit@brijesh-build-machine>
	<20160914052034-mutt-send-email-mst@kernel.org>
	<4bf6d983-3ecf-9350-3791-74022c06aa51@amd.com>
	<20160914163827-mutt-send-email-mst@kernel.org>
	<7a50db8e-2a3e-d7e2-6742-fcb88f8368ab@redhat.com>
	<20160914150213.krwad4qk3ktz5qnh@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <6a123514-3748-eba6-e562-20183b934425@redhat.com>
Date: Wed, 14 Sep 2016 18:53:22 +0200
MIME-Version: 1.0
In-Reply-To: <20160914150213.krwad4qk3ktz5qnh@redhat.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt
 command
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>, ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, rth@twiddle.net



On 14/09/2016 17:02, Michael S. Tsirkin wrote:
> If you believe there are attackers that have access to the
> monitor and nothing else, then a feature to disable debugging
> is a generally useful one. But once we merge sev patchset then of course
> sev people disappear and it will be up to others to make it
> work on non-amd CPUs.
> 
> Another is to help merge other parts faster.  E.g.  looking at what
> Daniel writes, the feature might have been over-sold so people will
> disable debugging thinking this will prevent all active attacks. Thus we
> now need to add good documentation so people know what they can actually
> expect to get from QEMU in return for disabling debugging. Why not merge
> the simple "encrypt memory part" while this documentation work is going
> on?

Encrypting memory makes no sense if anyone can ask to decrypt it.  And
I'm not even sure how force-enabling debug r/w, which is literally a
single bit set in the feature register, would make the patchset simpler.

If anything, as I said already, it would make the patchset simpler to
force-*disable* it, since you don't need to introduce debug hooks that
go through the secure processor.

Paolo