Article 6G2J4 [$] Guest-first memory for KVM

by corbet from LWN.net on (#6G2J4)

One of the core objectives of any confidential-computing implementation is to protect a guest system's memory from access by actors outside of the guest itself. The host computer and hypervisor are part of the group that is to be excluded from such access; indeed, they are often seen as threats in their own right. Hardware vendors have added features like memory encryption to make memory inaccessible to the host, but such features can be difficult to use and are not available on all CPUs, so there is ongoing interest in software-only solutions that can improve confidentiality. The guest-first memory patch set, posted by Sean Christopherson and containing work by several developers, looks poised to bring some software-based protection to an upcoming kernel release.