Is the kata-container memory-safe?
zibinpan opened this issue
If I create a container by kata, and my cloud server doesn't support SGX or TDX, then, is this container memory safe?
In other words, can the cloud host utilize some technologies like mapping the memory of the kata container to the real memory and using memory analysis to steal the data in my container?
Yes, if the host doesn't support TDX/SGX, then the VM memory contents are all in clear text, and it is easy to spy on the contents by reading the VM's memory from the host.
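A guest-side check for the condition described in the answer above, as an added example that is not part of the original thread or the Kata Containers code base: it reads the CPU flags the guest kernel exposes in `/proc/cpuinfo` and reports whether the workload should be treated as host-readable. It assumes an x86 Linux guest whose kernel is recent enough to expose the `tdx_guest` flag; the verdict labels and sample inputs are constructed for illustration.

```python
import os

TDX_GUEST = "tdx_guest"  # guest kernel detected it runs as an Intel TDX trust domain
SGX = "sgx"              # CPU exposes SGX enclaves (protects enclave pages only)

# Constructed samples, trimmed to the lines that matter.
SAMPLE_PLAIN = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor\n"
SAMPLE_SGX = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor sgx sgx_lc\n"
SAMPLE_TDX = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor tdx_guest\n"

# Hypothetical verdict labels used by this example only.
VERDICTS = {
    "tdx-guest": "kernel reports a TDX guest; confirm with remote attestation",
    "sgx-only": "only enclave pages are protected; other guest RAM is host-readable",
    "plaintext": "no TDX/SGX flag; treat all guest RAM as readable by the host",
}

def cpu_flags(cpuinfo_text):
    """Return the union of the 'flags' entries across all listed processors."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags

def assess(cpuinfo_text):
    """Classify the guest by exact flag match (so 'sgx_lc' alone is not 'sgx')."""
    flags = cpu_flags(cpuinfo_text)
    if TDX_GUEST in flags:
        return "tdx-guest"
    if SGX in flags:
        return "sgx-only"
    return "plaintext"

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PLAIN  # fall back to the constructed sample off Linux
    verdict = assess(text)
    print(f"{verdict}: {VERDICTS[verdict]}")
```

A CPU flag is only a hint supplied by the platform; remote attestation is what actually proves to the tenant that the guest runs inside a trust domain.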