091384'019438'0913284'0918324'09:
> Hello Ilpo Järvinen,
>
> would it be an option if some "secure CPU" just encrypts the caches before
> it hands over the CPU power to other processes?
>
> Perhaps in the near future?
>
> Kind Regards
>
Please, go read the literature on cache-based side-channel attacks and all the proposed countermeasures.

Isolating VMs to different cores which still share the same last level cache, or encrypting the data in the cache (though it's unclear what you mean by "encrypt[ing] the cache") are not sufficient to prevent leaking secret data.

Here's a classic example why: https://dl.packetstormsecurity.net/papers/general/flush-reload.pdf.

Andrew
