[$] Hardening virtio

Post Syndicated from original https://lwn.net/Articles/865216/rss

Traditionally, in virtualized environments, the host is trusted by its
guests, and must protect itself from potentially malicious guests. With
initiatives like confidential computing, this rule is extended in the
other direction: the guest no longer trusts the host. This change of
paradigm requires adding boundary defenses in places where there have
been none before. Recently, Andi Kleen submitted a patch set attempting
to add the needed protections in virtio. The discussion that resulted
from this patch set highlighted the need to secure virtio for a wider
range of use cases.