On 8/20/16 1:17 PM, kev27 wrote: > On Friday, August 19, 2016 at 10:44:53 PM UTC+3, Andrew David Wong wrote: > On 2016-08-19 11:58, kev27 wrote: >>>>> Secure Encrypted Virtualization (SEV) integrates main memory encryption >>>>> capabilities with the existing AMD-V virtualization architecture to >>>>> support encrypted virtual machines. Encrypting virtual machines can help >>>>> protect them not only from physical threats but also from other virtual >>>>> machines or even the hypervisor itself. SEV thus represents a new >>>>> virtualization security paradigm that is particularly applicable to cloud >>>>> computing where virtual machines need not fully trust the hypervisor and >>>>> administrator of their host system. >>>> >>>> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/ >>>> AMD_Memory_Encryption_Whitepaper_v7-Public.pdf >>>> >>>> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf >>>> >>>> Is this something Qubes OS could work with in the future to improve its >>>> security on AMD Zen chips? Maybe something to keep an eye on. >>>> > > Sounds very interesting! This reminds me of what Joanna has written about > Intel SGX.[1][2][3] FWIW, however, Joanna has also said: > > "We don't have much experience with AMD: neither research- nor testing-wise. > Right now we have no resources to get acquainted."[4] > > I imagine that could be relevant to this. > > > [1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels- > upcoming-software.html > [2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels- > upcoming-software.html > [3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf > [4] https://twitter.com/rootkovska/status/756052459752128512 > > > Well, by the time enough people have Zen machines, it would've passed 2-3 > years anyway. So this was more of a heads-up. I understand there's a lack of > resources for a project such as Qubes OS, but Intel's monopoly with regular > consumers is bad enough and no need to make it worse with Intel exclusivity > for Qubes. > > Perhaps in a few years Qubes will have the resources to support AMD machines, > too. Or if there's a new Librem-like partnership between Qubes and some other > OEM, the Qubes team can encourage the use of AMD Zen instead. That would mean > they get funded for researching AMD's architecture, and at the same time gain > enough knowledge for working for AMD chips. >
This would be an interesting addition. If might be willing to help with Qubes on Zen machines please let me know. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/397c6a7c-8200-f93c-d375-1103ac285c11%40emailplus.org. For more options, visit https://groups.google.com/d/optout.
