On Wed, Mar 11, 2020 at 03:33:59AM -0400, Michael S. Tsirkin wrote: > On Wed, Mar 11, 2020 at 12:12:47PM +1100, David Gibson wrote: > > I am wondering if we have to introduce an "svm=on" flag anyway. It's > > pretty ugly, since all it would be doing is changing defaults here and > > there for compatibilty with a possible future SVM transition, but > > maybe it's the best we can do :/. > > Frankly I'm surprised there's no way for the hypervisor to block VM > transition to secure mode. To me an inability to disable DRM looks like > a security problem.
Uh.. I don't immediately see how it's a security problem, though I'm
certainly convinced it's a problem in other ways.
> Does not the ultravisor somehow allow
> enabling/disabling this functionality from the hypervisor?
Not at present, but as mentioned on the other thread, Paul and I came
up with a tentative plan to change that.
> It would be
> even better if the hypervisor could block the guest from poking at the
> ultravisor completely but I guess that would be too much to hope for.
Yeah, probably :/.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
