[openstack-dev] "Evil" Firmware

Robert Collins robertc at robertcollins.net
Fri Jan 17 08:12:19 UTC 2014


> The physical function is the one with the "real" PCI config space, so as
> long as the host controls it then there should be minimal risk from the
> guests since they have limited access via the virtual functions--typically
> mostly just message-passing to the physical function.

As long as its a whitelist of audited message handlers, thats fine. Of
course, if the message handlers haven't been audited, who knows whats
lurking in there.

-Rob


-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud



More information about the OpenStack-dev mailing list