Once upon a time, Sharpened Blade <sharpenedblade@xxxxxxxxx> said: > With virtual machines, nothing can actually be verified completely, the host running the vm can, 1) Modify the firmware to intercept anything the attacker wants, or 2) directly intercept things at the cpu level. There are CPU extensions that I understand stop that, so that the hypervisor and VMs do not have to trust each other. That's part of the reason to secure the boot stack. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
