On Thu, Mar 12, 2020 at 02:32:11AM -0400, Michael S. Tsirkin wrote:
> On Thu, Mar 12, 2020 at 12:10:49PM +1100, David Gibson wrote:
> > On Wed, Mar 11, 2020 at 03:33:59AM -0400, Michael S. Tsirkin wrote:
> > > On Wed, Mar 11, 2020 at 12:12:47PM +1100, David Gibson wrote:
> > > > I am wondering if we have to introduce an "svm=on" flag anyway.  It's
> > > > pretty ugly, since all it would be doing is changing defaults here and
> > > > there for compatibilty with a possible future SVM transition, but
> > > > maybe it's the best we can do :/.
> > > 
> > > Frankly I'm surprised there's no way for the hypervisor to block VM
> > > transition to secure mode. To me an inability to disable DRM looks like
> > > a security problem.
> > 
> > Uh.. I don't immediately see how it's a security problem, though I'm
> > certainly convinced it's a problem in other ways.
> 
> Well for one it breaks introspection, allowing guests to hide
> malicious code from hypervisors.

Hm, ok.  Is that much used in practice?

(Aside: I don't think I'd call that "introspection" since it's one
thing examining another, not something examining itself).

> 
> > > Does not the ultravisor somehow allow
> > > enabling/disabling this functionality from the hypervisor?
> > 
> > Not at present, but as mentioned on the other thread, Paul and I came
> > up with a tentative plan to change that.
> > 
> > > It would be
> > > even better if the hypervisor could block the guest from poking at the
> > > ultravisor completely but I guess that would be too much to hope for.
> > 
> > Yeah, probably :/.
> > 
> 
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson