If it is really compromised, then you have to assume anything the vm sends you is fake. As far as the owner of guest knows, there could not even a a real vm, only a ssh shell that looks like it.
In a real situation, the guest owner would send the host owner a "starting disk" or ISO. Then the host would tell the trusted cpu to boot a iso that sends the signature to the host, and also boot a modified iso in a normal hypervisor, and emulate the trusted part of the cpu. When the normal hypervisor vm wants the signature, the signature of vm1 is returned. The system in the normal hypervisor could also just lie to any connections outside the host system, so even if it knows its backdoored, it still test the guest owner its not. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
