
Re: [Xen-devel] Is Xen affected by this x86 hardware security hole?



> > Nevertheless, Xen offers confinement.  Also, as Keir pointed out, there
> > are stricter restrictions on what even dom0 can do (and these can be made
> > even more strict).
> >
> > Cheers,
> > Mark
>
> If it turns out that Xen has the capability to prevent this exploit in
> virtualized operating systems, that capability could become a big
> inducement to use Xen all the time - certainly in my case.

Well, I think Keir was meaning we could even prevent it in dom0.

You could disable writes to SMRAM in a domU, in principle.  The question would 
be whether there are legitimate uses that would be compromised by this.  For 
a locked-down machine, perhaps not.  I'm a bit fuzzy on the voodoo of SMM ;-)

You could also (again, in principle) report attempted writes to this area of 
memory to the system administrator so you could detect a possible attack.

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicycle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

