
Re: [Xen-users] RAM security



If you enable the "Scrub RAM before freeing it to XEN" option in your DomU kernel, it is always overwritten with (I assume random) data before the pages are returned to the pool of free memory. This should also apply to memory freed by shrinking operations (xm mem-set ...) and of course on DomU shutdown.

You should always enable this option, because cryptographic keys, private data etc. would rest in XEN's memory until either another DomU gets it (and can read that) or the Dom0 shuts down (reboot sometimes even preserves RAM, but the hypervisor is scrubbing all RAM which is not assigned to the Dom0, to prevent readable traces after hard resets etc.).

With correct kernel configuration, the DomU memory should be totally safe.

On 06.12.2010 11:17, Jonathan Tripathy wrote:

Hi Everyone,

In Xen, is a DomU able to access data in RAM which a previous DomU has stored in the past, but didn't "zero" it?

I understand that this is a problem with physical disks (using phy:/), just wondering if the same stands with RAM.

Thanks

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
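
A check for the kernel setting discussed in the reply above, added here as an example and not part of the original thread. It assumes the option corresponds to the kernel symbol `CONFIG_XEN_SCRUB_PAGES` (`CONFIG_XEN_SCRUB_PAGES_DEFAULT` on newer kernels, where the `xen_scrub_pages=` boot parameter can override it); the function name `scrub_status` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# scrub_status CONFIG_FILE [CMDLINE]
# Prints "enabled", "disabled" or "unknown" for page scrubbing in a DomU
# kernel, based on its build config and (optionally) its boot command line.
scrub_status() {
    cfg=$1; cmdline=${2:-}
    state=unknown; runtime=no
    [ -r "$cfg" ] || { echo "$state"; return 0; }

    # Build-time setting: either the older symbol or the newer *_DEFAULT one.
    if grep -Eq '^CONFIG_XEN_SCRUB_PAGES(_DEFAULT)?=y$' "$cfg"; then
        state=enabled
    elif grep -Eq '^# CONFIG_XEN_SCRUB_PAGES(_DEFAULT)? is not set$' "$cfg"; then
        state=disabled
    fi

    # Assumption: only kernels that carry the *_DEFAULT symbol honour the
    # xen_scrub_pages= boot parameter; on older kernels it is ignored.
    if grep -Eq '^(# )?CONFIG_XEN_SCRUB_PAGES_DEFAULT[= ]' "$cfg"; then
        runtime=yes
    fi
    if [ "$runtime" = yes ]; then
        for arg in $cmdline; do          # last occurrence wins
            case $arg in
                xen_scrub_pages=[1yY]*|xen_scrub_pages=on)  state=enabled ;;
                xen_scrub_pages=[0nN]*|xen_scrub_pages=off) state=disabled ;;
            esac
        done
    fi
    echo "$state"
}

# Demo on a constructed config fragment (not taken from a real system).
tmp=$(mktemp)
printf '%s\n' 'CONFIG_XEN=y' '# CONFIG_XEN_SCRUB_PAGES is not set' > "$tmp"
echo "constructed sample: $(scrub_status "$tmp")"
rm -f "$tmp"
```

On a running DomU, pass the kernel's own config file and the contents of `/proc/cmdline` as the two arguments.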