On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote: > On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof@xxxxxxxxxxxxxx wrote: [...] > If the attacker has access to the physical host while your VM is running, > then (with current hardware) there is essentially nothing you can do to > prevent a skilled person getting your master key out of VM memory. AMD > recently announced a memory encryption feature that might make it possible > to protect guest keys from a host attacker, but its still very early days > in its developement & integration into virtualization technology, so a very > long way off being available in any public hosting provider. I think this is more about proteching VMs from each other than from the Hypervisor, think memory deduplication, copy-on-write and caches that leak information from one VM to another. Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
