PaX Team · Jul 19, 2023 · 1:20 PM UTC

PaX Team · Jul 19, 2023 · 1:20 PM UTC

PaX Team

PaX Team @paxteam

19 Jul 2023

...and with some more work kvmclock and similar users won't need to change at all :)

grsecurity @grsecurity

18 Jul 2023

KERNSEAL infrastructure, building upon a number of earlier design choices, makes it nearly trivial to achieve some impressive security goals. With a small change to kvmclock, we now have KVM where none of the guest memory is mapped/accessible at the hypervisor level at all!

Jul 19, 2023 · 1:20 PM UTC

Domo-kun · Jul 21, 2023 · 6:42 PM UTC

Domo-kun @domosauce

21 Jul 2023

Replying to @paxteam

I haven't been keeping up with the VMMs. I want to run custom signed and tamper resistant hypervisor images right out of boot with remote attestation, physical memory encryption, and out of the box a CPU that blocks the hypervisor from reading physically assigned guest VM RAM.