On 14/09/2016 15:05, Michael S. Tsirkin wrote:
> I assumed that with debug on, memory is still encrypted but the
> hypervisor can break encryption, and as the cover letter states, the
> hypervisor is assumed benign. If true I don't see a need to
> give users more rope.
The hypervisor is assumed benign but vulnerable. So, if somebody breaks the hypervisor, you would like to make it as hard as possible for the attacker to do evil stuff to the guests. If the attacker can just ask the secure processor "decrypt some memory for me", then the encryption is effectively broken.

Paolo
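Added example, not part of Paolo's reply and not code from the SEV patch series: a constructed C model of the mechanism that decides whether the secure processor will honour a "decrypt some memory for me" request at all, namely the guest owner's policy. Only POLICY_NODBG is taken from the published SEV guest policy (bit 0, NODBG); the guest handles, return codes, function names, toy keystream cipher and sample secret are this example's own assumptions. The scenario is the one in the thread: the hypervisor has been compromised and tries the debug path against one guest whose owner allowed debugging and one whose owner did not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of how the SEV guest policy gates the firmware's
 * debug-decrypt command.  Not the real firmware and not the kernel's SEV
 * driver.  POLICY_NODBG mirrors the published SEV guest policy bit 0
 * (NODBG); handles, return codes and the toy cipher are this example's own.
 */

#define POLICY_NODBG   (1u << 0)   /* guest owner: no debug access to my memory */
#define MAX_GUESTS     4
#define VEK_LEN        16

enum sev_ret {
    SEV_RET_SUCCESS        = 0,
    SEV_RET_INVALID_GUEST  = 1,
    SEV_RET_POLICY_FAILURE = 2,
};

struct sev_guest {
    int      active;
    uint32_t policy;        /* fixed at launch, covered by the launch measurement */
    uint8_t  vek[VEK_LEN];  /* VM encryption key; never leaves the "secure processor" */
};

static struct sev_guest guests[MAX_GUESTS];

void sev_reset(void)
{
    memset(guests, 0, sizeof guests);
}

/* Toy keystream cipher standing in for the memory encryption engine.
 * Applying it twice yields the plaintext. Not a real cipher. */
static void toy_xcrypt(const uint8_t vek[VEK_LEN], const uint8_t *in,
                       uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ vek[i % VEK_LEN] ^ (uint8_t)(0x9Du * i + 0x3Bu);
}

/* LAUNCH_START analogue: the owner's policy is bound to the guest here.
 * A hypervisor wanting debug access has to ask for it up front, where the
 * owner sees it in the measurement and can refuse to provision secrets. */
int sev_launch_start(uint32_t policy, const uint8_t vek[VEK_LEN])
{
    for (int h = 0; h < MAX_GUESTS; h++) {
        if (!guests[h].active) {
            guests[h].active = 1;
            guests[h].policy = policy;
            memcpy(guests[h].vek, vek, VEK_LEN);
            return h;
        }
    }
    return -1;   /* no free guest slot */
}

/* The guest storing data in its own memory: hardware encrypts with the VEK. */
enum sev_ret sev_guest_store(int h, const uint8_t *plain, uint8_t *mem, size_t len)
{
    if (h < 0 || h >= MAX_GUESTS || !guests[h].active)
        return SEV_RET_INVALID_GUEST;
    toy_xcrypt(guests[h].vek, plain, mem, len);
    return SEV_RET_SUCCESS;
}

/* DBG_DECRYPT analogue: the only path by which the hypervisor can obtain
 * guest plaintext.  Refused outright when the owner set NODBG, so a
 * compromised hypervisor cannot simply "ask the secure processor". */
enum sev_ret sev_dbg_decrypt(int h, const uint8_t *mem, uint8_t *out, size_t len)
{
    if (h < 0 || h >= MAX_GUESTS || !guests[h].active)
        return SEV_RET_INVALID_GUEST;
    if (guests[h].policy & POLICY_NODBG)
        return SEV_RET_POLICY_FAILURE;
    toy_xcrypt(guests[h].vek, mem, out, len);
    return SEV_RET_SUCCESS;
}

/* Thread scenario: a compromised hypervisor tries the debug path on two
 * guests.  Returns 1 if the NODBG guest's secret stayed confidential while
 * the debug-enabled guest's did not (constructed keys and secret). */
int demo_compromised_hypervisor(void)
{
    static const uint8_t vek_a[VEK_LEN] = "key-for-guest-A";   /* 15 chars + NUL */
    static const uint8_t vek_b[VEK_LEN] = "key-for-guest-B";
    static const uint8_t secret[] = "db-password=hunter2";
    uint8_t mem_a[sizeof secret], mem_b[sizeof secret], leak[sizeof secret];

    sev_reset();
    int a = sev_launch_start(0, vek_a);               /* owner allowed debugging */
    int b = sev_launch_start(POLICY_NODBG, vek_b);    /* owner forbade it */
    if (a < 0 || b < 0)
        return 0;
    sev_guest_store(a, secret, mem_a, sizeof secret);
    sev_guest_store(b, secret, mem_b, sizeof secret);

    /* What the hypervisor sees in DRAM without the firmware's help: ciphertext. */
    int a_hidden = memcmp(mem_a, secret, sizeof secret) != 0;
    int b_hidden = memcmp(mem_b, secret, sizeof secret) != 0;

    /* The attacker inside the hypervisor invokes the debug command on both. */
    int a_leaked  = sev_dbg_decrypt(a, mem_a, leak, sizeof secret) == SEV_RET_SUCCESS
                    && memcmp(leak, secret, sizeof secret) == 0;
    int b_refused = sev_dbg_decrypt(b, mem_b, leak, sizeof secret) == SEV_RET_POLICY_FAILURE;

    return a_hidden && b_hidden && a_leaked && b_refused;
}

int main(void)
{
    printf("NODBG guest protected from a compromised hypervisor: %s\n",
           demo_compromised_hypervisor() ? "yes" : "no");
    return 0;
}
```

The point the model makes concrete is that the decision is not the hypervisor's to take: the policy is supplied at launch, is bound into the measurement the guest owner checks before handing over secrets, and the decrypt command is refused by the secure processor rather than by any hypervisor-side check an attacker could patch out.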