On Wed, Jan 07, 2009 at 10:34:19AM -0600, Anthony Liguori wrote:
Gleb Natapov wrote:
This patch allows to mark specific nic as trusted by adding special
PCI capability. "Trusted" means that it is used for communication
between host and guest and no malicious entity can inject traffic
to the nic.
Signed-off-by: Gleb Natapov <address@hidden>
What utility does this have? Does this make Windows happy in some
special way?
That is for secure guest<->host communication over network. Guest has to
know somehow which link host uses for communication. If guest has no way
to know this, another computer on untrusted network can pretend it is real
host and "own" a guest.