[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
From:       kev27 <th.review1 () gmail ! com>
Date:       2016-08-20 10:17:32
Message-ID: 6050c08c-b67e-462e-9f45-92d690bc7880 () googlegroups ! com
[Download RAW message or body]


On Friday, August 19, 2016 at 10:44:53 PM UTC+3, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 2016-08-19 11:58, kev27 wrote:
> > > Secure Encrypted Virtualization (SEV) integrates main memory encryption 
> > > capabilities with the existing AMD-V virtualization architecture to 
> > > support encrypted virtual machines. Encrypting virtual machines can help
> > > protect them not only from physical threats but also from other virtual
> > > machines or even the hypervisor itself. SEV thus represents a new 
> > > virtualization security paradigm that is particularly applicable to cloud
> > > computing where virtual machines need not fully trust the hypervisor and
> > > administrator of their host system.
> > 
> > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/ 
> > AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> > 
> > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
> > 
> > Is this something Qubes OS could work with in the future to improve its 
> > security on AMD Zen chips? Maybe something to keep an eye on.
> > 
> 
> Sounds very interesting! This reminds me of what Joanna has written about
> Intel SGX.[1][2][3] FWIW, however, Joanna has also said:
> 
> "We don't have much experience with AMD: neither research- nor testing-wise.
> Right now we have no resources to get acquainted."[4]
> 
> I imagine that could be relevant to this.
> 
> 
> [1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels-
> upcoming-software.html
> [2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels-
> upcoming-software.html
> [3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
> [4] https://twitter.com/rootkovska/status/756052459752128512
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -----BEGIN PGP SIGNATURE-----
> 
> iQIcBAEBCgAGBQJXt2GHAAoJENtN07w5UDAwLuQP/3IkhRVoHpTogM4u5hUpzig+
> ni7T69i8FQ5cfbqRQKZa60TY4TAwaWUUKMyAOkUb8gnO9NEFOXHspV8S4kowWq3C
> j1OvVrq/DjucsqTchcwVo1x6K+WJsES+Bn92B253YCfmRllYNsGf7Zeolcd0uyVE
> 6w6qSkWuoPTjOmdXCHWBllreDh2LlVvgL3FF7207TLRTEjV8BGPFndFzZ8NfNGSx
> 6F4Ss7X/WLi0XmA3asJXofOr9piOM3D86sy6W8yK8q1OosbO+WQFAlVrtruoh6FZ
> WBhurvmix2Yj9TGOyFvdTBDG+ctybBrA3VatwJT7pcjIZvSKp6BW6h9P7rGAg+af
> AvW+UKJFsPD72meS3jyrKNICbz+tAajHCAL4eVF9wltS/zighuWBoIpAugOwxHWu
> rIfdN9hmtkPtG7uc/IeJP5utq9GpsbcuN3BjB79dPRrAqGrylriHa4hUGPloSutO
> OmXyq9YQW2C+FxLLFcAlfenxZZh1Umg+APPN0IqDjfBdKUS3oOYKJIP0YO0SDJYF
> CIZcQRiTs0O/JuKfqGddMU5QzzdWJx5Z2mVV2oTp5ed2sjl1KYYWLAg0gc73mSYB
> jcyWeeFvOJiz3csoBobOTh4eLBXJXd/Nzskki5WxOl6qYB7xSi4Vle1qnOels4vz
> 2NgLEVxsaJGJSZvJ72FJ
> =uIAV
> -----END PGP SIGNATURE-----

Well, by the time enough people have Zen machines, it would've passed 2-3 years \
anyway. So this was more of a heads-up. I understand there's a lack of resources for \
a project such as Qubes OS, but Intel's monopoly with regular consumers is bad enough \
and no need to make it worse with Intel exclusivity for Qubes. 

Perhaps in a few years Qubes will have the resources to support AMD machines, too. Or \
if there's a new Librem-like partnership between Qubes and some other OEM, the Qubes \
team can encourage the use of AMD Zen instead. That would mean they get funded for \
researching AMD's architecture, and at the same time gain enough knowledge for \
working for AMD chips.

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-users@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/6050c08c-b67e-462e-9f45-92d690bc7880%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.



[prev in list] [next in list] [prev in thread] [next in thread]