Message-ID: <b174c468e3df6dc7874b9ab886b38009@kernel.org>
Date:   Tue, 10 Nov 2020 11:18:56 +0000
From:   Marc Zyngier <maz@...nel.org>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     David Brazdil <dbrazdil@...gle.com>, kvmarm@...ts.cs.columbia.edu,
        Mark Rutland <mark.rutland@....com>, kernel-team@...roid.com,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Andrew Walbran <qwandor@...gle.com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Quentin Perret <qperret@...gle.com>,
        linux-kernel@...r.kernel.org, James Morse <james.morse@....com>,
        linux-arm-kernel@...ts.infradead.org,
        Catalin Marinas <catalin.marinas@....com>,
        Tejun Heo <tj@...nel.org>, Dennis Zhou <dennis@...nel.org>,
        Christoph Lameter <cl@...ux.com>,
        Will Deacon <will@...nel.org>,
        Julien Thierry <julien.thierry.kdev@...il.com>,
        Andrew Scull <ascull@...gle.com>
Subject: Re: [PATCH v1 00/24] Opt-in always-on nVHE hypervisor

On 2020-11-10 10:15, Christoph Hellwig wrote:
> On Mon, Nov 09, 2020 at 11:32:09AM +0000, David Brazdil wrote:
>> As we progress towards being able to keep guest state private to the
>> host running nVHE hypervisor, this series allows the hypervisor to
>> install itself on newly booted CPUs before the host is allowed to run
>> on them.
> 
> Why?  I thought we were trying to kill nVHE off now that newer CPUs
> provide the saner virtualization extensions?

We can't kill nVHE at all, because that is the only game in town.
You can't even buy a decent machine with VHE, no matter how much money
you put on the table.

nVHE is here for the foreseeable future, and we even use its misfeatures
to our advantage in order to offer confidential VMs. See Will's presentation
at KVM forum a couple of weeks ago for the gory details.

Thanks,

         M.
-- 
Jazz is not dead. It just smells funny...
