Traditionally, in virtualized environments, the host is trusted by its
guests, and must
protect itself from potentially malicious guests. With initiatives
like confidential computing, this rule is extended in the other direction: the
guest no longer trusts the host. This change of paradigm requires
adding boundary defenses in places where there have been none before.
Recently, Andi Kleen submitted a patch
set attempting to add the needed protections in virtio. The discussion
that resulted from this patch set highlighted the need to secure
virtio for a wider range of use cases.