Hi George, On Mon, Nov 14, 2016 at 05:09:01PM +0000, George Dunlap wrote: > There is probably a way to configure Xen to make it possible to build > domains while making a full dump-core difficult to implement even by a > motivated attacker; but that would be quite a bit more work (and very > bespoke to your own particular situation).
I think if it could be made extremely difficult for a compromised dom0 to dump guest memory then that would be useful to a wide range of Xen users, as compromise of general purpose Linux hosts (like most people's dom0s) is pretty commonplace. Though I was reminded off-list (thanks for that), that Intel SGX and AMD SME include features which can protect guest memory from other guests/host/dom0, so perhaps that is a more sensible direction to go in. Thanks, Andy _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
