On 2024-03-08 at 10:46-0700, David Woodhouse wrote:
> On Fri, 2024-03-08 at 09:35 -0800, David Matlack wrote:
> > I think what James is looking for (and what we are also interested
> > in), is _eliminating_ the ability to access guest memory from the
> > direct map entirely. And in general, eliminate the ability to access
> > guest memory in as many ways as possible.
>
> Well, pKVM does that...

Yes we've been looking at pKVM and it accomplishes a lot of what we're
trying to do. Our initial inclination is that we want to stick with VHE
for the lower overhead. We also want flexibility across server parts, so
we would need to get pKVM working on Intel & AMD if we went this route.
Certainly there are advantages of pKVM on the perf side like the in-place
memory sharing rather than copying as well as on the security side by
simply reducing the TCB. I'd be interested to hear others' thoughts on
pKVM vs memfd_secret or general ASI.

Derek