On Thu, Jun 4, 2020 at 12:09 PM Nakajima, Jun <jun.nakaj...@intel.com> wrote:
> We (Intel virtualization team) are also working on a similar thing,
> prototyping to meet such requirements, i.e. "some level of confidentiality to
> guests". Linux/KVM is the host, and Kirill’s patches are helpful when
> removing the mappings from the host to achieve memory isolation of a guest.
> But, it’s not easy to prove there are no other mappings.
>
> To raise the level of security, our idea is to de-privilege the host kernel
> just to enforce memory isolation using EPT (Extended Page Table) that
> virtualizes guest (the host kernel in this case) physical memory; almost
> everything is passthrough. And the EPT for the host kernel excludes the
> memory for the guest(s) that has confidential info. So, the host kernel
> shouldn’t cause VM exits as long as it’s behaving well (CPUID still causes a
> VM exit, though).

You're Intel. Can't you just change the CPUID intercept from required to optional? It seems like this should be in the realm of a small microcode patch.