[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC 0/4] TEE mediator framework + OP-TEE mediator



On 20.10.17 19:57, Tamas K Lengyel wrote:

Hello Tamas,

In previous discussion we considered only two variants: in XEN or outside
XEN. Stubdomain approach looks more secure, but I'm not sure that it is
true.
Such stubdomain will need access to all guests memory. If you managed to
gain control on mediator stubdomain, you can do anything you want with all
guests.


That's slightly untrue. The stubdomain will only be able to mess with
domains using TEE.

Would it be feasible to have multiple TEE stubdoms providing the
interface for select domUs (with XSM)? IMHO that would provide the
greatest disaggregation and thus the most security.
If we wanted to provide every DomU with own instance of virtual TEE - that would work. But we want to allow DomUs to work with real a TEE. Thus we need TEE mediator, and mediator will need to have a shared state. So we can't split it among multiple stubdoms.


WBR Volodymyr Babchuk


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.