Re: [RFC 00/16] KVM protected memory extension

From: Nakajima, Jun
Date: Thu Jun 04 2020 - 19:29:55 EST


>
> On Jun 4, 2020, at 2:03 PM, Jim Mattson <jmattson@xxxxxxxxxx> wrote:
>
> On Thu, Jun 4, 2020 at 12:09 PM Nakajima, Jun <jun.nakajima@xxxxxxxxx> wrote:
>
>> We (Intel virtualization team) are also working on a similar thing, prototyping to meet such requirements, i..e "some level of confidentiality to guestsâ. Linux/KVM is the host, and the Kirillâs patches are helpful when removing the mappings from the host to achieve memory isolation of a guest. But, itâs not easy to prove there are no other mappings.
>>
>> To raise the level of security, our idea is to de-privilege the host kernel just to enforce memory isolation using EPT (Extended Page Table) that virtualizes guest (the host kernel in this case) physical memory; almost everything is passthrough. And the EPT for the host kernel excludes the memory for the guest(s) that has confidential info. So, the host kernel shouldnât cause VM exits as long as itâs behaving well (CPUID still causes a VM exit, though).
>
> You're Intel. Can't you just change the CPUID intercept from required
> to optional? It seems like this should be in the realm of a small
> microcode patch.

Weâll take a look. Probably it would be helpful even for the bare-metal kernel (e.g. debugging).
Thanks for the suggestion.

---
Jun
Intel Open Source Technology Center