On Tuesday, January 9, 2018 at 2:09:43 AM UTC+1, Marek Marczykowski-Górecki wrote:
> On Tue, Jan 09, 2018 at 12:26:24AM -0000, kapikti@mail2tor wrote:
> > 4.15 has KPTI which blocks Meltdown. I see a lot of talk on this mailing
> > list about more exotic solutions like switching to 32-bit VMs or HVMs
> > exclusively, which certainly could be good for blocking both Meltdown and
> > some varieties of Spectre, but it would seem to me like blocking Meltdown
> > itself (as it is the easiest to exploit) should be the top priority, and
> > the most effective way to do this immediately is just to upgrade to 4.15.
> > Are there any plans in the works to do this?
>
> Just upgrading Linux (either dom0, VM, or both) does not help in a
> virtualized environment (especially PV used in Qubes 3.2). What would be
> needed is to apply a KPTI-like approach to Xen itself, which is not ready
> yet and probably won't be anytime soon. This is why we're discussing
> alternative solutions.
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

I'm guessing software memory encryption (comparable to what AMD offers via SME/SEV for Ryzen Pro / Epyc -- transparent encryption with keys known only to the VM/HV instance, generated on boot) is completely unfeasible?
