On Wed, Sep 14, 2016 at 10:58:08AM +0200, Paolo Bonzini wrote:
> On 14/09/2016 04:33, Michael S. Tsirkin wrote:
> > Frankly I don't understand why do you need to mess with boot at all.
> > Quoting the cover letter:
> > SEV is designed to protect guest VMs from a benign but vulnerable
> > (i.e. not fully malicious) hypervisor. In particular, it reduces the
> > attack
> > surface of guest VMs and can prevent certain types of VM-escape bugs
> > (e.g. hypervisor read-anywhere) from being used to steal guest data.
> > it seems highly unlikely that any secret data is used during boot.
> > So just let guest boot normally, and encrypt afterwards.
> > Even assuming there are some guests that have secret data during boot,
> > I would first upstream the main part of the feature for normal guests,
> > then weight the extra security if any against the features and
> > performance lost (like slower boot times).
> If you can't trust boot, any encryption done afterwards is totally
You trust hypervisor anyway, it's all mitigation, being about making
attacks harder, isn't it? So if the attack has to happen in the window
when guest boots within BIOS, that might be good enough. Or just don't
boot in the cloud, move guest there after boot.