
List:       qubes-users
Subject:    [qubes-users] Re: AMD Zen Secure Encrypted Virtualization (SEV)
From:       Benson Muite <benson_muite () emailplus ! org>
Date:       2016-08-22 11:20:31
Message-ID: 397c6a7c-8200-f93c-d375-1103ac285c11 () emailplus ! org

On 8/20/16 1:17 PM, kev27 wrote:
> On Friday, August 19, 2016 at 10:44:53 PM UTC+3, Andrew David Wong wrote:
> On 2016-08-19 11:58, kev27 wrote:
> > > > > Secure Encrypted Virtualization (SEV) integrates main memory encryption 
> > > > > capabilities with the existing AMD-V virtualization architecture to 
> > > > > support encrypted virtual machines. Encrypting virtual machines can help
> > > > > protect them not only from physical threats but also from other virtual
> > > > > machines or even the hypervisor itself. SEV thus represents a new 
> > > > > virtualization security paradigm that is particularly applicable to cloud
> > > > > computing where virtual machines need not fully trust the hypervisor and
> > > > > administrator of their host system.
> > > > 
> > > > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
> > > > 
> > > > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
> > > > 
> > > > Is this something Qubes OS could work with in the future to improve its 
> > > > security on AMD Zen chips? Maybe something to keep an eye on.
> > > > 
> 
> Sounds very interesting! This reminds me of what Joanna has written about
> Intel SGX.[1][2][3] FWIW, however, Joanna has also said:
> 
> "We don't have much experience with AMD: neither research- nor testing-wise.
> Right now we have no resources to get acquainted."[4]
> 
> I imagine that could be relevant to this.
> 
> 
> [1] http://blog.invisiblethings.org/2013/08/30/thoughts-on-intels-upcoming-software.html
> [2] http://blog.invisiblethings.org/2013/09/23/thoughts-on-intels-upcoming-software.html
> [3] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
> [4] https://twitter.com/rootkovska/status/756052459752128512
> 
> 
> Well, by the time enough people have Zen machines, it would've passed 2-3 years
> anyway. So this was more of a heads-up. I understand there's a lack of resources
> for a project such as Qubes OS, but Intel's monopoly with regular consumers is bad
> enough and no need to make it worse with Intel exclusivity for Qubes.
> Perhaps in a few years Qubes will have the resources to support AMD machines, too.
> Or if there's a new Librem-like partnership between Qubes and some other OEM, the
> Qubes team can encourage the use of AMD Zen instead. That would mean they get
> funded for researching AMD's architecture, and at the same time gain enough
> knowledge for working for AMD chips.

This would be an interesting addition. If might be willing to help with
Qubes on Zen machines please let me know.
