On Wed, Sep 14, 2016 at 01:46:09PM -0500, Brijesh Singh wrote:

> 7) Guest owner validates the measurement. If measurement matches then we are
> good to launch the guest. This should ensure that bootcode was not
> compromised by hypervisor.
As the hypervisor can e.g. execute said code in any order (without touching protected memory), this seems rather like adding asserts in code at random points. Frankly, if one is so worried about the boot sequence, just send an already booted guest to the cloud provider.

But anyway, that's beside the point. My point is that all this measurement dance is orthogonal to memory encryption. It happens to be part of the same AMD CPU, but it might not be on other CPUs, and I don't see why command line/QOM APIs should tie us to what AMD did.

-- 
MST