Hi Stefan,
On 03/23/2017 06:35 AM, Stefan Hajnoczi wrote:
> On Wed, Mar 08, 2017 at 03:52:09PM -0500, Brijesh Singh wrote:
>> The object can be used to define global security policy for the guest.
> "security-policy" is very vague. Lots of parts of QEMU have security
> related options (e.g. VNC display, networking, etc).
> I'd prefer a
> -machine memory-encryption=on|off,memory-encryption-debug=on|off
> or -m encryption=on|off,encryption-debug=on|off switch instead of a new
> security policy object with questionable scope.
In v1 [1], I had something similar but not exactly the same. I had a new command
line switch but the overall feedback was to consider creating a new security
object which can be used to define a machine security policy.
[1] http://marc.info/?t=147378617700002&r=1&w=2
some more discussion here [2]
[2] http://marc.info/?t=147378241700011&r=1&w=2
IMHO, a new object is helpful because it provides options to launch a guest
without memory encryption support but still can take advantage of disabling the
debug feature. E.g. on a non-SEV platform we can launch a guest with
"-object security-policy,id=secure0,debug=off"
which will reject the guest memory accesses via gdbstub or qemu monitor command
line interface.
-Brijesh