> for the virtual machines and continue the chain. Note that you're
> already half-way there with KVM, since most of its code runs in the
> kernel itself.
Not really. Chunks of kvm run in userspace so you'll now have to
sign libc, qemu, every file qemu uses, ld.so , ...
This is a general proble
On 05/31/2012 02:38 PM, Alan Cox wrote:
It's of course all a bit of a joke because it's then a simple matter of
using virtualisation to fake the "secure" environment and running the
"secure" OS in that 8)
The distributions can review the hypervisor code (then sign it as a
symbol of trust) and
