Re: [libvirt-users] Efficacy of jitterentropy RNG on qemu-kvm Guests

Daniel P. Berrangé: > On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: >> Hello. I'm a distro maintainer and was wondering about the efficacy of >> entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the >> authors of haveged [0] pointed out if t

Re: [libvirt-users] Efficacy of jitterentropy RNG on qemu-kvm Guests

Martin Kletzander: > On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: >> Hello. I'm a distro maintainer and was wondering about the efficacy of >> entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the >> authors of haveged [0] pointed out if t

[libvirt-users] Efficacy of jitterentropy RNG on qemu-kvm Guests

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using

[libvirt-users] Read-only Guests for Anti-Forensics

Hello. I'm interested in running guests as read-only to turn them into a sort of virtualized "live=cd". The goal is to leave no forensic evidence on the host disk or virtual one which would lead to traces on the host still- similar to how TAILS works but with the added convenince and flexibility of

[libvirt-users] Direct Kernel Boot and Security

Hi. What are the security implications for the host when using direct kernel boot for guests that are potentially malicious? Is guest filesystem data saved to an emulated drive or directly on the host? [0] Direct boot seems like an otherwise more efficient way to do things. [0] It was discovered t

Re: [libvirt-users] Virtio-net drivers immune to Nethammer?

Daniel P. Berrangé: > On Sat, May 19, 2018 at 12:42:14AM +0000, procmem wrote: >> Hi I'm a privacy distro maintainer investigating the implications of the >> newly published nethammer attack [0] on KVM guests particularly the >> virtio-net drivers. The summary of the p

[libvirt-users] Virtio-net drivers immune to Nethammer?

Hi I'm a privacy distro maintainer investigating the implications of the newly published nethammer attack [0] on KVM guests particularly the virtio-net drivers. The summary of the paper is that rowhammer can be remotely triggered by feeding susceptible* network driver crafted traffic. This attack c

Re: [libvirt-users] Libvirt supported qemu-ga commands

Daniel P. Berrangé: > On Wed, Feb 28, 2018 at 11:13:46PM +0000, procmem wrote: >> Where can I find the full list of libvirt supported qemu-ga commands? >> The docs [0] imply virDomainQemuAgentCommand bypasses libvirt and is not >> recommended. >> >> I am look

Re: [libvirt-users] Libvirt supported qemu-ga commands

procmem: > Where can I find the full list of libvirt supported qemu-ga commands? > The docs [0] imply virDomainQemuAgentCommand bypasses libvirt and is not > recommended. > > I am looking to pass suspend/resume events from the host to the guest > and then have the guest act

[libvirt-users] Libvirt supported qemu-ga commands

Where can I find the full list of libvirt supported qemu-ga commands? The docs [0] imply virDomainQemuAgentCommand bypasses libvirt and is not recommended. I am looking to pass suspend/resume events from the host to the guest and then have the guest act on this internally. Your help is appreciated

[libvirt-users] QEMU guest-agent safety in hostile VM?

Hi. Is it still considered risky to use the QEMU guest agent in an untrusted guest? A warning on these lines was written in the manual a few years back when the feature made its debut. I wanted to know if it was hardened since. ___ libvirt-users mailing