[RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning

Sean Christopherson seanjc at google.com
Fri May 3 13:49:47 UTC 2024


On Fri, May 03, 2024, Mickaël Salaün wrote:
> Hi,
> 
> This patch series implements control-register (CR) pinning for KVM and
> provides a hypervisor-agnostic API to protect guests.  It includes the
> guest interface, the host interface, and the KVM implementation.
> 
> It's not ready for mainline yet (see the current limitations), but we
> think the overall design and interfaces are good and we'd like to have
> some feedback on that.

...

> # Current limitations
> 
> This patch series doesn't handle VM reboot, kexec, nor hibernate yet.
> We'd like to leverage the related feature from KVM CR-pinning patch
> series [3].  Help appreciated!

Until you have a story for those scenarios, I don't expect you'll get a lot of
valuable feedback, or much feedback at all.  They were the hot topic for KVM CR
pinning, and they'll likely be the hot topic now.


