On Mon, Feb 25, 2019 at 2:51 PM James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> On Mon, 2019-02-25 at 14:43 -0800, Matthew Garrett wrote:
> > You still need a transport mechanism through the hypervisor to
> > communicate with the host - what would you be using in that case
> > instead of virtio?
>
> Socsim is net transported; it's sort of the TPM equivalent of NFS or
> iSCSI storage for guests.

Oh, so it relies on the guest being able to reach the host via network? Hmm. That's a different security tradeoff. It presumably also prevents any in-kernel use before networking is up?