> > On Jun 4, 2020, at 2:03 PM, Jim Mattson <jmattson@xxxxxxxxxx> wrote: > > On Thu, Jun 4, 2020 at 12:09 PM Nakajima, Jun <jun.nakajima@xxxxxxxxx> wrote: > >> We (Intel virtualization team) are also working on a similar thing, prototyping to meet such requirements, i..e "some level of confidentiality to guests”. Linux/KVM is the host, and the Kirill’s patches are helpful when removing the mappings from the host to achieve memory isolation of a guest. But, it’s not easy to prove there are no other mappings. >> >> To raise the level of security, our idea is to de-privilege the host kernel just to enforce memory isolation using EPT (Extended Page Table) that virtualizes guest (the host kernel in this case) physical memory; almost everything is passthrough. And the EPT for the host kernel excludes the memory for the guest(s) that has confidential info. So, the host kernel shouldn’t cause VM exits as long as it’s behaving well (CPUID still causes a VM exit, though). > > You're Intel. Can't you just change the CPUID intercept from required > to optional? It seems like this should be in the realm of a small > microcode patch. We’ll take a look. Probably it would be helpful even for the bare-metal kernel (e.g. debugging). Thanks for the suggestion. --- Jun Intel Open Source Technology Center