On 10/18/17 8:35 PM, Michael S. Tsirkin wrote:
On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert wrote:
* Michael S. Tsirkin (m...@redhat.com) wrote:
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> 11. GO verifies the measurement and if measurement matches
On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert wrote:
> * Michael S. Tsirkin (m...@redhat.com) wrote:
> > On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > > > > > 11. GO verifies the measurement and if measurement matches
> > > > > then it may
> > > > >
* Michael S. Tsirkin (m...@redhat.com) wrote:
> On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > > > > 11. GO verifies the measurement and if measurement matches then
> > > > it may
> > > > > give a secret blob -- which must be injected into the guest
> > > > before
>
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > > > 11. GO verifies the measurement and if measurement matches then it
> > > may
> > > > give a secret blob -- which must be injected into the guest before
> > > > libvirt starts the VM. If verification failed, GO
Hi Laszlo,
On 10/01/2017 04:56 AM, Laszlo Ersek wrote:
On 10/01/17 11:17, Laszlo Ersek wrote:
(3) Implement SEV encryption for pflash. A pflash chip can be in one of
two modes: (a) it reads and executes as ROM, or (b) it behaves like a
programmable (r/w) device with MMIO registers. Switching
Forgive the top post... some of the conversation has been trimmed, but I
need to go back to first principles of SEV in order to make sure we all
have a clear understanding of what the goal is.
The goal - for BOTH guest owner and cloud provider - is to get to a VM
where ONLY the guest owner (GO
On Wed, Sep 27, 2017 at 08:39:24AM -0500, Brijesh Singh wrote:
> Hi Michael,
>
>
> On 09/26/2017 09:36 AM, Michael S. Tsirkin wrote:
>
> ...
>
> > > 8. libvirt launches the guest with "-S"
> > > 9. While creating the SEV guest qemu does the following
> > > i) create encryption context using G
Hi Michael,
On 09/26/2017 09:36 AM, Michael S. Tsirkin wrote:
...
8. libvirt launches the guest with "-S"
9. While creating the SEV guest qemu does the following
i) create encryption context using GO's DH, session-info and guest policy
(LAUNCH_START)
ii) encrypts the guest bios (LAUN
* Michael S. Tsirkin (m...@redhat.com) wrote:
> On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> > Hi All,
>
> Sorry if below comment doesn't make sense, I might be misunderstanding
> something basic about SEV. Also sorry about the delay, I've been on
> vacation.
>
>
> > (sorry f
On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> Hi All,
Sorry if below comment doesn't make sense, I might be misunderstanding
something basic about SEV. Also sorry about the delay, I've been on
vacation.
> (sorry for the long message)
>
> CPUs from AMD EPYC family support Sec
On 09/08/17 17:51, Daniel P. Berrange wrote:
> On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
>> I am looking at [1] to get the feel for how do we model it in the XML.
>> As you can see I am using ad-hoc to create the sev-guest
>> object. Currently, sev-guest object accepts the fo
On 09/08/2017 10:51 AM, Daniel P. Berrange wrote:
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
So I could see a flow like the following:
The flow looks good
1. mgmt tool calls virConnectGetCapabilities. This returns an XML
document that includes the followi
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > So I could see a flow like the following:
>
>
> The flow looks good
>
> >
> >
> >1. mgmt tool calls virConnectGetCapabilities. This returns an XML
> > document that includes the following
> >
> >
> >
Hi Daniel,
On 09/08/2017 09:52 AM, Daniel P. Berrange wrote:
On Fri, Sep 08, 2017 at 01:45:06PM +, Relph, Richard wrote:
A few answers in line…
On 9/8/17, 8:16 AM, "Daniel P. Berrange" wrote:
On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> Hi All,
>
On Fri, Sep 08, 2017 at 01:45:06PM +, Relph, Richard wrote:
> A few answers in line…
>
> On 9/8/17, 8:16 AM, "Daniel P. Berrange" wrote:
>
> On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> > Hi All,
> >
> > (sorry for the long message)
> >
> > CPUs
A few answers in line…
On 9/8/17, 8:16 AM, "Daniel P. Berrange" wrote:
On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> Hi All,
>
> (sorry for the long message)
>
> CPUs from AMD EPYC family support Secure Encrypted Virtualization (SEV)
> feature -
On Fri, Sep 08, 2017 at 06:57:30AM -0500, Brijesh Singh wrote:
> Hi All,
>
> (sorry for the long message)
>
> CPUs from AMD EPYC family support Secure Encrypted Virtualization (SEV)
> feature - the feature allows running encrypted VMs. To enable the feature,
> I have been submitting patches to L
Hi All,
(sorry for the long message)
CPUs from AMD EPYC family support Secure Encrypted Virtualization (SEV)
feature - the feature allows running encrypted VMs. To enable the feature,
I have been submitting patches to Linux kernel [1], Qemu [2] and OVMF [3].
We have been making some good progres
18 matches