It wouldn't help at all if the key is kept in memory. Via Meltdown, an
attacker in a PV VM you would be able to see the entire memory of the
host machine, including the encryption keys. There are been some
experiments in the past with in-cache AES keys for memory encryption
with Linux Kernels (e.g TRESOR), but they didn't withstand successive
security scrutiny.
On 01/10/2018 07:48 AM, Foppe de Haan wrote:
> On Tuesday, January 9, 2018 at 2:09:43 AM UTC+1, Marek
> Marczykowski-Górecki wrote:
> >
>
> ********* *BEGIN ENCRYPTED or SIGNED PART* *********
>
> > On Tue, Jan 09, 2018 at 12:26:24AM -0000, kapikti@mail2tor wrote:
> > > 4.15 has KPTI which blocks Meltdown. I see a lot of talk on this
> mailing
> > > list about more exotic solutions like switching to 32-bit VMs or HVMs
> > > exclusively, which certainly could be good for blocking both
> Meltdown and
> > > some varieties of Spectre, but it would seem to me like blocking
> Meltdown
> > > itself (as it is the easiest to exploit) should be the top
> priority, and
> > > the most effective way to do this immediately is just to upgrade
> to 4.15.
> > > Are there any plans in the works to do this?
> >
> > Just upgrading Linux (either dom0, VM, or both) does not help in
> > virtualized environment (especially PV used in Qubes 3.2). What would be
> > needed, is to apply KPTI-like approach to Xen itself, which is not ready
> > yet and probably won't be anytime soon. This is why we're discussing
> > alternative solutions.
> >
> > --
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> >
>
> ********** *END ENCRYPTED or SIGNED PART* **********
>
> I'm guessing software memory encryption (comparable to what AMD offers
> via SME/SEV for Ryzen Pro / Epyc -- transparent encryption with keys
> known only to the VM/HV instance, generated on boot) is completely
> unfeasible?
>
> --
> You received this message because you are subscribed to the Google
> Groups "qubes-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
qubes-devel...@googlegroups.com.
> To post to this group, send email to
qubes...@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/qubes-devel/7d2b228f-18e5-4af2-9a0c-90cf62734a62%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.