Explore the ongoing work towards stateful services in the Coconut-SVSM platform for providing secure services to Confidential Virtual Machine guests on AMD SEV-SNP. Delve into the challenges and solutions for preserving state across reboots, enabling fully functional vTPM and persistent secure UEFI variable store for Secure Boot. Learn about the implementation of encrypted persistent storage backed by the host hypervisor, the remote attestation process for key retrieval, and the use of a host-side proxy for server communication. Examine current challenges, potential attacks, and future developments in supporting persistent state in SVSM. Gain insights from Stefano Garzarella, Principal Software Engineer at Red Hat and maintainer of Linux's vsock subsystem, and Oliver Steffen, Software Engineer specializing in confidential virtualization and virtual firmware.
Coconut-SVSM - Early Attestation to Unlock Persistent State - KVM Forum
Overview
Syllabus
Coconut-SVSM: Early attestation to unlock persistent state by Stefano Garzarella & Oliver Steffen
Taught by
KVM Forum
Related Courses
-
SVSM vTPM: From Boot Attestation to Persistent Storage and Beyond
-
COCONUT-SVSM on KVM: Progress, Plans, and Challenges
-
Remote Attestation in AMD SEV-SNP Confidential VMs
-
Zero-Trust vTPM for AMD SEV-SNP Confidential Virtual Machines
-
The COCONUT Secure VM Service Module for Confidential Virtual Machines
-
Providing Confidential Guest Services with a Secure VM Service Module on AMD
