On Mon, Aug 29, 2016 at 12:51:20PM +0000, liut...@yahoo.com wrote: > Hi David,I'm studying the process of postcopy migration, and I found > that the memory pages migrated from source to destination are not > encrypted. Does this make the VM vulnerable if it's memory has been > tampered with during postcopy migration?
If you already haven't, you might want to take a look at this post, which discusses the security details during live migration with post-copy. https://www.berrange.com/posts/2016/08/16/improving-qemu-security-part-7-tls-support-for-migration/ It also has an example of setting the 'tls-creds' field with 'migrate-set-parameters' QMP command to use TLS, before triggering 'migrate' QMP command. > I think precopy has less risk because the source's memory is always > altering. If one page is tampered with during network transfer, with > source still running, then a later version of that page may keep > updating. So it would be quite difficult to track all different page > versions, and tamper with the final version of one page. > > But when it comes to postcopy, the situation is riskier because one > specific page is only transferred once. It's easy to capture all > transferring memory pages, tamper and resend. > > When the memory been tampered with, the safety of the VM will be > compromised. > > Any ideas? thank you!Liutao -- /kashyap
