Explore two new features for IBM Secure Execution (SE) on Linux in this 25-minute conference talk by Steffen Eiden and Marc Hartmayer from IBM Deutschland Research & Development GmbH. Learn about attestation, which adds another layer of trust to confidential computing on IBM Z by allowing third-party verification of guest security and specific machine identification. Discover the confidential dump feature, which enables encrypted external VM dumping for cases where internal dumping fails or is unavailable. Understand the use cases, current state, and challenges of guest vs. hypervisor-initiated guest dumping. Gain insights into the QEMU/KVM perspective on dumping, the feature's life cycle, and relevant command lines. Delve into how these features enhance SE's usability and security in the context of IBM® Secure Execution technology.
Attestation and Confidential Dump for IBM Secure Execution on Linux
Overview
Syllabus
Attestation and Confidential Dump for IBM Secure Execution on Linux
Use cases
Current state
Guest vs. hypervisor initiated guest dumping
Problem: We don't trust the hypervisor
Dumping: QEMU/KVM perspective
Life Cycle
Command lines!
Summary
IBM® Secure Execution
Taught by
Linux Foundation
