On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert wrote: > * Michael S. Tsirkin (mst@xxxxxxxxxx) wrote: > > On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote: > > > > > > 11. GO verifies the measurement and if measurement matches then it may > > > > > > give a secret blob -- which must be injected into the guest before > > > > > > libvirt starts the VM. If verification failed, GO will request cloud > > > > > > provider to destroy the VM. > > > > I realised I'm missing something here: how does GO limit the > > secret to the specific VM? For example, what prevents hypervisor > > from launching two VMs with the same GO's DH, getting measurement > > from 1st one but injecting the secret into the second one? > > Isn't that the 'trusted channel nonce currently associated with the > guest' in the guest context? > > Dave Let me try to clarify the question. I understand that sometimes a key is shared between VMs. If this is allowed, it seems that a hypervisor can run any number of VMs with the same key. An unauthorised VM will not get a measurement that guest owner authorizes, but can the hypervisor get secret intended for an authorized VM and then inject it into an unauthorized one sharing the same key? > > Thanks, > > > > -- > > MST > > > -- > Dr. David Alan Gilbert / dgilbert@xxxxxxxxxx / Manchester, UK -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
