WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

Re: [Xense-devel] Shype/ACM for HVM guest.

To: "Praveen Kushwaha" <praveen.kushwaha@xxxxxxxxxxx>
Subject: Re: [Xense-devel] Shype/ACM for HVM guest.
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Mon, 2 Apr 2007 09:48:37 -0400
Cc: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 02 Apr 2007 06:47:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <0A8CFEC45B7F4C419F7543867C47442380A77B@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

xense-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 04/02/2007 05:40:39 AM:

> Hi,

>             Does Shype/ACM architecture for implementing security in
> xen supports HVM guest also?  I mean to say that, as per my


HVM guests are supported in so far that the configuration of an HVM is checked when the VM is started. This is done in xend where resource assignments (disk access)  are validated.

> knowledge in xen 3.0.4         shype/ACM is implemented. Does this
> shype/ACM work also for the HVM (windows) guest?

>               As per my understanding shype/ACM puts hook on
> hypercalls from the hypervisor, and consult with the ACM. But in
> case of full virtualization, hypervisor does not have hypercalls to
> communicate with HVM guest. There is VMEntry/VMExit for


This is correct. Though, if paravirtualized drivers are used in an HVM, also they will need to go through the hooks for grant table access and event channels.

   Stefan


> communication, in which guest state and host state are saved.  Since
> there are no hypercalls  in case of full virtualization then how the
> actually shype/ACM works. Where does it put hooks? Or is there any
> other mechanism through which it implements security in HVM guest.

>       If any one has information regarding it  please reply.
>  
> Thanks,
> Praveen Kushwaha
>  
>        
>  
>  _______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
<Prev in Thread] Current Thread [Next in Thread>