On Friday, August 19, 2016 at 10:44:53 PM UTC+3, Andrew David Wong wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2016-08-19 11:58, kev27 wrote: > >> Secure Encrypted Virtualization (SEV) integrates main memory encryption > >> capabilities with the existing AMD-V virtualization architecture to > >> support encrypted virtual machines. Encrypting virtual machines can help > >> protect them not only from physical threats but also from other virtual > >> machines or even the hypervisor itself. SEV thus represents a new > >> virtualization security paradigm that is particularly applicable to cloud > >> computing where virtual machines need not fully trust the hypervisor and > >> administrator of their host system. > > > > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/ > > AMD_Memory_Encryption_Whitepaper_v7-Public.pdf > > > > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf > > > > Is this something Qubes OS could work with in the future to improve its > > security on AMD Zen chips? Maybe something to keep an eye on. > > > > Sounds very interesting! This reminds me of what Joanna has written about > Intel SGX.[1][2][3] FWIW, however, Joanna has also said: > > "We don't have much experience with AMD: neither research- nor testing-wise. > Right now we have no resources to get acquainted."[4] > > I imagine that could be relevant to this. > > > [1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels- > upcoming-software.html > [2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels- > upcoming-software.html > [3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf > [4] https://twitter.com/rootkovska/status/756052459752128512 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJXt2GHAAoJENtN07w5UDAwLuQP/3IkhRVoHpTogM4u5hUpzig+ > ni7T69i8FQ5cfbqRQKZa60TY4TAwaWUUKMyAOkUb8gnO9NEFOXHspV8S4kowWq3C > j1OvVrq/DjucsqTchcwVo1x6K+WJsES+Bn92B253YCfmRllYNsGf7Zeolcd0uyVE > 6w6qSkWuoPTjOmdXCHWBllreDh2LlVvgL3FF7207TLRTEjV8BGPFndFzZ8NfNGSx > 6F4Ss7X/WLi0XmA3asJXofOr9piOM3D86sy6W8yK8q1OosbO+WQFAlVrtruoh6FZ > WBhurvmix2Yj9TGOyFvdTBDG+ctybBrA3VatwJT7pcjIZvSKp6BW6h9P7rGAg+af > AvW+UKJFsPD72meS3jyrKNICbz+tAajHCAL4eVF9wltS/zighuWBoIpAugOwxHWu > rIfdN9hmtkPtG7uc/IeJP5utq9GpsbcuN3BjB79dPRrAqGrylriHa4hUGPloSutO > OmXyq9YQW2C+FxLLFcAlfenxZZh1Umg+APPN0IqDjfBdKUS3oOYKJIP0YO0SDJYF > CIZcQRiTs0O/JuKfqGddMU5QzzdWJx5Z2mVV2oTp5ed2sjl1KYYWLAg0gc73mSYB > jcyWeeFvOJiz3csoBobOTh4eLBXJXd/Nzskki5WxOl6qYB7xSi4Vle1qnOels4vz > 2NgLEVxsaJGJSZvJ72FJ > =uIAV > -----END PGP SIGNATURE-----
Well, by the time enough people have Zen machines, it would've passed 2-3 years anyway. So this was more of a heads-up. I understand there's a lack of resources for a project such as Qubes OS, but Intel's monopoly with regular consumers is bad enough and no need to make it worse with Intel exclusivity for Qubes. Perhaps in a few years Qubes will have the resources to support AMD machines, too. Or if there's a new Librem-like partnership between Qubes and some other OEM, the Qubes team can encourage the use of AMD Zen instead. That would mean they get funded for researching AMD's architecture, and at the same time gain enough knowledge for working for AMD chips. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6050c08c-b67e-462e-9f45-92d690bc7880%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
