[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] RAM security
Just a few questions:1) By saying "the guest's responsibility", does this mean that CONFIG_XEN_SCRUB_PAGES=y is set in the DomU kernel config?
2) Also, if a DomU was shutdown by xm destroy, obviously the DomU wouldn’t scrub the RAM. However would Xen still scrub the RAM?
3) If the physical server was shutdown (e.g. plug pulled), I'm guessing this will presetn a problem?
4) Why doesn't Xen scrub the RAM before giving it to the DomU? Thanks On 06/12/10 14:49, George Dunlap wrote:
I looked into this sometime this last year. I believe the answer is "no": the domain destruction routines will zero memory before handing it back to Xen. One potential data leak, however (last time I looked at this), is that Xen does not scrub memory handed back by the balloon driver. So if the guest OS hasn't scrubbed it, and it contains sensitive information, it may end up being assigned to another domain as-is (either via ballooning or start-of-day domain creation). At the moment that's considered the guest's responsibility. -George On Mon, Dec 6, 2010 at 2:35 PM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx> wrote:Hi Everyone, In Xen, is a DomU able to access data in RAM which a previous DomU has stored in the past, but didn't "zero" it? I understand that this is a problem with physical disks (using phy:/), just wondering if the same stands with RAM Thanks _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
Lists.xenproject.org is hosted with RackSpace, monitoring our