[$] Guest-first memory for KVM
Thursday 2 November 2023, 16:28, by LWN.net
One of the core objectives of any confidential-computing implementation is to protect a guest system's memory from access by actors outside of the guest itself. The host computer and hypervisor are part of the group that is to be excluded from such access; indeed, they are often seen as a threat in their own right. Hardware vendors have added features like memory encryption to make memory inaccessible to the host, but such features can be difficult to use and are not available on all CPUs, so there is ongoing interest in software-only solutions that can improve confidentiality. The guest-first memory patch set, posted by Sean Christopherson and containing work by several developers, looks poised to bring some software-based protection to an upcoming kernel release.
https://lwn.net/Articles/949277/