>>>Host can read all of the guest's memory or mount the image and modify >>>the guest agent. Or even add their own communication program that can >>>do anything. >>> >> >>I get your point now! :) Thanks a lot!! >> >>Further more, kvm seems not as secure as xen, because xen isolates dom0 and >domU well, >>The administrator on dom0 couldn't access many things belonged to domUs. >>How to solve such problem in kvm? Any scheme? > >I don't know xen much, but maybe AMD SEV or everything-signed-by TPM >would help... Thank you , I'll look further into them. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list