On Tue, Oct 26, 2021 at 05:29:00PM -0600, Jim Fehlig wrote:
> On 5/6/21 04:22, Michal Prívozník wrote:
> > Dear list,
>
> Hi Michal,
>
> This thread has been quiet for a long time, but I wanted to check if any
> work has been done to provide an sev-inject-launch-secret equivalent for
> libvirt.
On 10/27/21 1:29 AM, Jim Fehlig wrote:
> On 5/6/21 04:22, Michal Prívozník wrote:
>> Dear list,
>
> Hi Michal,
>
> This thread has been quiet for a long time, but I wanted to check if any
> work has been done to provide an sev-inject-launch-secret equivalent for
> libvirt. AFAICT, there was
On 5/6/21 04:22, Michal Prívozník wrote:
Dear list,
Hi Michal,
This thread has been quiet for a long time, but I wanted to check if any work
has been done to provide an sev-inject-launch-secret equivalent for libvirt.
AFAICT, there was agreement this missing piece is needed to solve the
On Thu, May 06, 2021 at 07:57:43AM -0500, Connor Kuehl wrote:
> On 5/6/21 6:35 AM, Kashyap Chamarthy wrote:
> >> It looks like QEMU will expose commands needed for attestation via QMP [3].
> >> But question then is, how to expose those at Libvirt level? Should we allow
> >> users to bypass Libvirt
On 5/6/21 8:51 AM, Daniel P. Berrangé wrote:
>> I see. So it sounds like the way forward for libvirt is that it will
>> need to essentially duplicate the SEV-related QMP message types into its
>> own protocol since expecting the client to understand QMP discloses the
>> fact that the underlying
On Thu, May 06, 2021 at 08:43:53AM -0500, Connor Kuehl wrote:
> On 5/6/21 8:32 AM, Daniel P. Berrangé wrote:
> > On Thu, May 06, 2021 at 08:04:44AM -0500, Connor Kuehl wrote:
> >> On 5/6/21 6:51 AM, Daniel P. Berrangé wrote:
> It looks like QEMU will expose commands needed for attestation via
On 5/6/21 8:32 AM, Daniel P. Berrangé wrote:
> On Thu, May 06, 2021 at 08:04:44AM -0500, Connor Kuehl wrote:
>> On 5/6/21 6:51 AM, Daniel P. Berrangé wrote:
It looks like QEMU will expose commands needed for attestation via QMP [3].
>>>
>>> As mentioned in my reply to that thread, I believe
On Thu, May 06, 2021 at 08:04:44AM -0500, Connor Kuehl wrote:
> On 5/6/21 6:51 AM, Daniel P. Berrangé wrote:
> >> It looks like QEMU will expose commands needed for attestation via QMP [3].
> >
> > As mentioned in my reply to that thread, I believe we can already do
> > pretty much all of that
On 5/6/21 6:51 AM, Daniel P. Berrangé wrote:
>> It looks like QEMU will expose commands needed for attestation via QMP [3].
>
> As mentioned in my reply to that thread, I believe we can already do
> pretty much all of that via a combination of libvirt APIs & guest XML.
This is not a good user
On 5/6/21 6:35 AM, Kashyap Chamarthy wrote:
>> It looks like QEMU will expose commands needed for attestation via QMP [3].
>> But question then is, how to expose those at Libvirt level? Should we allow
>> users to bypass Libvirt and communicate to QEMU directly or wrap those QMPs
>> in
>> public
On Thu, May 06, 2021 at 12:22:26PM +0200, Michal Prívozník wrote:
> Dear list,
>
> in the light of recent development of secure virtualization (for instance AMD
> SEV-SNP [1]) I'd like us to be prepared for when QEMU adopts these new
> technologies and thus would like to discuss our options. So
On Thu, May 06, 2021 at 12:22:26PM +0200, Michal Prívozník wrote:
Hi,
(Just chiming in as a curious libvirt API user :-))
[...]
> This is where attestation comes to help - it enables the guest owner (which in
> this example is different to the one running it) verify - with cryptographic
>
Dear list,
in the light of recent development of secure virtualization (for instance AMD
SEV-SNP [1]) I'd like us to be prepared for when QEMU adopts these new
technologies and thus would like to discuss our options. So far, I've came
across AMD SEV-SNP [2]. While it's true that we do support
13 matches
Mail list logo
