Re: [Xen-devel] Possible to prevent dom0 accessing guest memory?
On 14/11/16 14:51, Andy Smith wrote:
> Hello,
>
> Please forgive me if this is a naive question but I do not know this
> low-level stuff very well.
>
> If the ability of the toolstack to dump a guest's memory (e.g. xl
> dump-core) were disabled on the hypervisor side, would there be any
> other way to do so from dom0 without rebooting the machine into a
> hypervisor that had the capability re-enabled?
>
> I understand dom0 has privileges to map devices to guests; does that
> give it a way to read arbitrary memory without need of toolstack
> support?
>
> The purpose of my question is in seeing if disk encryption in VMs
> can be made slightly more useful. If there were no way for root in
> dom0 to read guest memory without rebooting into a different
> hypervisor then I think that would be a useful step.

You have misunderstood a step.

Dom0 can map all of guest memory. This is how `xl dump-core` is implemented, as well as how Qemu emulates devices for the guest.

However, it is also a strict requirement for Dom0 to construct the domain in the first place, so you can't simply disable it in the hypervisor and end up with a working system.

Even if it were possible to exclude this in Xen, Dom0 by default has a number of powers which can alter hypervisor code, such as loading a crash kernel or a livepatch.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel