Overview
Explore the challenges of accounting and page migration in secure guests using FD-based private memory in this KVM Forum conference talk. Delve into the threat model for confidential virtual machines (CVMs) and understand how it impacts the trusted computing base (TCB). Learn about ongoing efforts to harden Linux against misbehaving device emulations and discover why certain security-sensitive devices require emulation within the TCB. Examine the COCONUT Secure VM Service Module (SVSM) and its utilization of VM privilege levels on AMD SEV-SNP hardware to provide secure services and device emulations for CVMs. Gain insights into the project's origins, its relationship to other SVSM implementations, and its integration into the KVM virtualization stack. Explore the underlying design principles and participate in discussions about future plans, including ideas for emulating security-sensitive devices and data storage solutions.
Syllabus
Accounting and page migration challenges in Secure guests using FD-based private memory
Taught by
KVM Forum