Explore AMD SEV-SNP Attestation and its role in establishing trust in guest VMs within confidential compute environments. Learn about the attestation process, including the retrieval and verification of signed attestation reports containing platform and guest measurements. Discover how relying parties can use these reports to grant access to sensitive resources securely. Delve into the specifics of SEV-SNP attestation, its integration with Linux guest boot flow, and the importance of TCB version tracking. Gain insights into the threat model involving untrusted cloud providers and understand how AMD SEV-SNP addresses these challenges through robust attestation mechanisms.
AMD SEV-SNP Attestation - Establishing Trust in Guests
Overview
Syllabus
Intro
AMD SEV-SNP Overview
Threat Model - Untrusted Cloud Provider
AMD SEV-SNP Attestation
Measurements of Trusted Computing Base (TCB)
Attestation Report: Platform Measurements
Attestation Report: Guest Measurements
Authenticity of Attestation Report
Binding Guest Credentials to Attestation Report
Retrieving Attestation Reports
TCB Version Tracking
Taught by
Linux Foundation
Tags
Related Courses
-
Zero-Trust vTPM for AMD SEV-SNP Confidential Virtual Machines
-
Remote Attestation in AMD SEV-SNP Confidential VMs
-
AMD SEV-TIO - Trusted I/O for Secure Encrypted Virtualization
-
Upcoming x86 Technologies for Malicious Hypervisor Protection
-
Providing Confidential Guest Services with a Secure VM Service Module on AMD
-
Accounting and Page Migration Challenges in Secure Guests Using FD-Based Private Memory
