On Wed, Feb 10, 2021 at 08:25:11AM -0800, Dave Hansen wrote: > This is all very cute. But, if this fails, it means that the .data > section is now garbage, right?. I guess failing here is less > entertaining than trying to run the kernel with random garbage in .data, > but it doesn't make it very far either way, right? Yes, if this fails the .data section is garbage, and more importantly, the .text section of the decompressed kernel image would be garbage too. The kernel won't get very far, but could possibly be tricked into releasing secrets to the hypervisor. > Why bother with rdrand, though? Couldn't you just pick any old piece of > .data and compare before and after? It is important that the Hypervisor can't predict what data will be written. It is written with paging off, so it will implicitly be encrypted. If the Hypervisor knows the data, it could use the small time window until it is read again to remap the gpa to a page with the expected data. Regards, Joerg
