> With SEV enabled, an operator who has root privilege on a host system can't inspect or meaningfully alter the contents of RAM in use by a virtual machine running on that system.
Is that true? I would like to know more about what kind of guarantees SEV gives / how it works at a high level. Any resources you can recommend?
I assume that at least when the VM is being launched, the sysadmin can mess with the VM?
It is true if you assume SEV has no side-channel vulnerabilities and that no one can uncap your CPU and read out the cryptographic material with an electron microscope.