|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [RFC 0/4] TEE mediator framework + OP-TEE mediator
On 20.10.17 19:57, Tamas K Lengyel wrote: Hello Tamas, If we wanted to provide every DomU with own instance of virtual TEE - that would work. But we want to allow DomUs to work with real a TEE. Thus we need TEE mediator, and mediator will need to have a shared state. So we can't split it among multiple stubdoms.In previous discussion we considered only two variants: in XEN or outside XEN. Stubdomain approach looks more secure, but I'm not sure that it is true. Such stubdomain will need access to all guests memory. If you managed to gain control on mediator stubdomain, you can do anything you want with all guests.That's slightly untrue. The stubdomain will only be able to mess with domains using TEE.Would it be feasible to have multiple TEE stubdoms providing the interface for select domUs (with XSM)? IMHO that would provide the greatest disaggregation and thus the most security. WBR Volodymyr Babchuk _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |