[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2016-08-19 19:44:47
Message-ID: 570f2e98-b342-b24a-7e0b-d3b734584417 () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-08-19 11:58, kev27 wrote:
> > Secure Encrypted Virtualization (SEV) integrates main memory encryption 
> > capabilities with the existing AMD-V virtualization architecture to 
> > support encrypted virtual machines. Encrypting virtual machines can help
> > protect them not only from physical threats but also from other virtual
> > machines or even the hypervisor itself. SEV thus represents a new 
> > virtualization security paradigm that is particularly applicable to cloud
> > computing where virtual machines need not fully trust the hypervisor and
> > administrator of their host system.
> 
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/ 
> AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> 
> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
> 
> Is this something Qubes OS could work with in the future to improve its 
> security on AMD Zen chips? Maybe something to keep an eye on.
> 

Sounds very interesting! This reminds me of what Joanna has written about
Intel SGX.[1][2][3] FWIW, however, Joanna has also said:

"We don't have much experience with AMD: neither research- nor testing-wise.
Right now we have no resources to get acquainted."[4]

I imagine that could be relevant to this.


[1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels-
upcoming-software.html
[2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels-
upcoming-software.html
[3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
[4] https://twitter.com/rootkovska/status/756052459752128512

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXt2GHAAoJENtN07w5UDAwLuQP/3IkhRVoHpTogM4u5hUpzig+
ni7T69i8FQ5cfbqRQKZa60TY4TAwaWUUKMyAOkUb8gnO9NEFOXHspV8S4kowWq3C
j1OvVrq/DjucsqTchcwVo1x6K+WJsES+Bn92B253YCfmRllYNsGf7Zeolcd0uyVE
6w6qSkWuoPTjOmdXCHWBllreDh2LlVvgL3FF7207TLRTEjV8BGPFndFzZ8NfNGSx
6F4Ss7X/WLi0XmA3asJXofOr9piOM3D86sy6W8yK8q1OosbO+WQFAlVrtruoh6FZ
WBhurvmix2Yj9TGOyFvdTBDG+ctybBrA3VatwJT7pcjIZvSKp6BW6h9P7rGAg+af
AvW+UKJFsPD72meS3jyrKNICbz+tAajHCAL4eVF9wltS/zighuWBoIpAugOwxHWu
rIfdN9hmtkPtG7uc/IeJP5utq9GpsbcuN3BjB79dPRrAqGrylriHa4hUGPloSutO
OmXyq9YQW2C+FxLLFcAlfenxZZh1Umg+APPN0IqDjfBdKUS3oOYKJIP0YO0SDJYF
CIZcQRiTs0O/JuKfqGddMU5QzzdWJx5Z2mVV2oTp5ed2sjl1KYYWLAg0gc73mSYB
jcyWeeFvOJiz3csoBobOTh4eLBXJXd/Nzskki5WxOl6qYB7xSi4Vle1qnOels4vz
2NgLEVxsaJGJSZvJ72FJ
=uIAV
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-users@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/570f2e98-b342-b24a-7e0b-d3b734584417%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]