Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM r
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest
Date: Wed, 14 Sep 2016 00:59:32 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 13/09/2016 16:50, Brijesh Singh wrote:
> In SEV-enabled mode we need to reload the BIOS image on loader reset, this
> will ensure that BIOS image gets encrypted and included as part of launch
> measurement on guest reset.

Just to check if I understand correctly, the secure processor cannot
split the encryption and measuring, which is why you need to redo the
copy on every reset.

Does the guest have to check the measured data (e.g. with a hash) too,
to check that it hasn't been tampered with outside the secure
processor's control? Of course this would result in garbage written to
the modified page, but that might be a valid attack vector.

Paolo