Hi,
Yes that is fine if the
paravirtualized drivers are used in HVM then we can put hooks on that. But it
is different case, how actually shype/ACM works in case of VMExit/VMEntry.
Since in case of
VMExit/VMEntry there are no hypercalls, then how sHype/ACM implements security.
I mean to ask that how
sHype/ACM works in case of HVM guest.
Thanks,
Praveen
Kushwaha
From: Stefan Berger
[mailto:stefanb@xxxxxxxxxx]
Sent: Monday, April 02, 2007 7:19
PM
To: Praveen
Kushwaha
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xense-devel]
Shype/ACM for HVM guest.
xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
wrote on 04/02/2007 05:40:39 AM:
> Hi,
>
Does Shype/ACM architecture for implementing
security in
> xen supports HVM guest also? I mean to
say that, as per my
HVM guests
are supported in so far that the configuration of an HVM is checked when the VM
is started. This is done in xend where resource assignments (disk access)
are validated.
> knowledge in xen 3.0.4
shype/ACM is implemented. Does this
> shype/ACM work also for the HVM (windows)
guest?
>
As per my understanding shype/ACM
puts hook on
> hypercalls from the hypervisor, and consult
with the ACM. But in
> case of full virtualization, hypervisor does
not have hypercalls to
> communicate with HVM guest. There is
VMEntry/VMExit for
This is
correct. Though, if paravirtualized drivers are used in an HVM, also they will
need to go through the hooks for grant table access and event channels.
Stefan
> communication, in which guest state and host
state are saved. Since
> there are no hypercalls in case of full
virtualization then how the
> actually shype/ACM works. Where does it put
hooks? Or is there any
> other mechanism through which it implements
security in HVM guest.
>
If any one has information regarding it please reply.
>
> Thanks,
> Praveen Kushwaha
>
>
>
>
_______________________________________________
> Xense-devel mailing list
> Xense-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xense-devel
Home