>> In previous discussion we considered only two variants: in XEN or outside
>> XEN. Stubdomain approach looks more secure, but I'm not sure that it is
>> true.
>> Such a stubdomain will need access to all guests' memory. If you managed to
>> gain control of the mediator stubdomain, you can do anything you want with all
>> guests.
>
>
> That's slightly untrue. The stubdomain will only be able to mess with
> domains using TEE.

Would it be feasible to have multiple TEE stubdoms providing the
interface for select domUs (with XSM)? IMHO that would provide the
greatest disaggregation and thus the most security.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
