On 14/09/2016 23:09, Michael S. Tsirkin wrote: > > > > Does the guest have to check the measured data (e.g. with a hash) too, > > > > to check that it hasn't been tampered with outside the secure > > > > processor's control? Of course this would result in garbage written to > > > > the modified page, but that might be a valid attack vector. > > > > > > Guest does not need to check the measurement. > > > > Can you explain why not? > > For example, guest can boot in a secure environment and then be migrated > to cloud. In fact that seems much easier to manage than all the hash > based stuff.
This is not what I was asking. My question was: assuming that the guest is interested in checking the measurement, does it also have to recompute it independently, and if not why? Paolo
