Is there a variant of Linux kernel for virtualization that runs in-memory in a state that can't be read by the host operating system?
Asked
Active
Viewed 373 times
1 Answers
3
Not possible. The host can read everything, no matter what it is.
Encrypted memory means there must be a decryption key, and that key must reside in clear, in the memory. The memory the host has full access. Not only access to memory, but the instruction execution too. No matter how you hide that, the host will have access.
ThoriumBR
- 50,648
- 13
- 127
- 142
-
Doesn't homomorphic encryption allow key to remain invisible while enabling computing on the contents? The last I checked homomorphic encryption is so slow that it wouldn't work in practice but what about in theory? – jimmy Oct 01 '18 at 12:58
-
The encryption is done in full view of the host. There's no way to hide it. – ThoriumBR Oct 01 '18 at 13:03
-
1Not entirely true. It _is_ possible under certain configurations for the host to have no direct access to the VM memory. That's kind of the point of stuff like ARM TrustZone and Intel TXT. Whether things like Inte's SGX and AMD's SME actually work as they're advertised and handle encryption of VM memory that's opaque to the host is another question though. – Austin Hemmelgarn Oct 01 '18 at 19:37