On Mon, 2019-02-25 at 15:02 -0800, Matthew Garrett wrote:
> On Mon, Feb 25, 2019 at 2:51 PM James Bottomley
> <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > On Mon, 2019-02-25 at 14:43 -0800, Matthew Garrett wrote:
> > > You still need a transport mechanism through the hypervisor to
> > > communicate with the host - what would you be using in that case
> > > instead of virtio?
> >
> > Socsim is net transported; it's sort of the TPM equivalent of NFS
> > or iSCSI storage for guests.
>
> Oh, so it relies on the guest being able to reach the host via
> network? Hmm. That's a different security tradeoff. It presumably
> also prevents any in-kernel use before networking is up?

Exactly, that's why I'm not recommending it. However, the initrdless
early net nastiness path has already been trodden by the NFS/iSCSI
root people ...

James