Explore the challenges of accounting and page migration in secure guests using FD-based private memory in this KVM Forum conference talk. Delve into the threat model for confidential virtual machines (CVMs) and understand how it impacts the trusted computing base (TCB). Learn about ongoing efforts to harden Linux against misbehaving device emulations and discover why certain security-sensitive devices require emulation within the TCB. Examine the COCONUT Secure VM Service Module (SVSM) and its utilization of VM privilege levels on AMD SEV-SNP hardware to provide secure services and device emulations for CVMs. Gain insights into the project's origins, its relationship to other SVSM implementations, and its integration into the KVM virtualization stack. Explore the underlying design principles and participate in discussions about future plans, including ideas for emulating security-sensitive devices and data storage solutions.
Accounting and Page Migration Challenges in Secure Guests Using FD-Based Private Memory
Overview
Syllabus
Accounting and page migration challenges in Secure guests using FD-based private memory
Taught by
KVM Forum
Related Courses
-
The COCONUT Secure VM Service Module for Confidential Virtual Machines
-
Securing Interrupt Delivery for SEV-SNP Guests
-
Providing Confidential Guest Services with a Secure VM Service Module on AMD
-
COCONUT-SVSM on KVM: Progress, Plans, and Challenges
-
AMD SEV-TIO - Trusted I/O for Secure Encrypted Virtualization
-
Supporting Live Migration of Confidential VMs in KVM
