> > On Jun 4, 2020, at 2:03 PM, Jim Mattson <jmatt...@google.com> wrote: > > On Thu, Jun 4, 2020 at 12:09 PM Nakajima, Jun <jun.nakaj...@intel.com> wrote: > >> We (Intel virtualization team) are also working on a similar thing, >> prototyping to meet such requirements, i..e "some level of confidentiality >> to guests”. Linux/KVM is the host, and the Kirill’s patches are helpful when >> removing the mappings from the host to achieve memory isolation of a guest. >> But, it’s not easy to prove there are no other mappings. >> >> To raise the level of security, our idea is to de-privilege the host kernel >> just to enforce memory isolation using EPT (Extended Page Table) that >> virtualizes guest (the host kernel in this case) physical memory; almost >> everything is passthrough. And the EPT for the host kernel excludes the >> memory for the guest(s) that has confidential info. So, the host kernel >> shouldn’t cause VM exits as long as it’s behaving well (CPUID still causes a >> VM exit, though). > > You're Intel. Can't you just change the CPUID intercept from required > to optional? It seems like this should be in the realm of a small > microcode patch.
We’ll take a look. Probably it would be helpful even for the bare-metal kernel (e.g. debugging). Thanks for the suggestion. --- Jun Intel Open Source Technology Center
