Once upon a time, Sharpened Blade sharpenedblade@proton.me said:
With virtual machines, nothing can actually be verified completely; the host running the VM can 1) modify the firmware to intercept anything the attacker wants, or 2) directly intercept things at the CPU level.
There are CPU extensions that I understand stop that, so that the hypervisor and VMs do not have to trust each other. That's part of the reason to secure the boot stack.