Explore the evolution of COCONUT Secure VM Service Module (COCONUT-SVSM) from a service module for confidential VMs to a paravisor layer for unenlightened operating systems in this 30-minute KVM Forum talk. Discover the COCONUT-SVSM community's achievements over the past year and learn about the project's direction towards paravisor support. Examine the challenges within the COCONUT codebase and upstream adoption in the KVM hypervisor. Gain insights into proposed solutions for supporting AMD SEV-SNP VMPLs and Intel TDX partitioning within KVM and QEMU, with a particular focus on the complexities of IRQ delivery architecture. Presented by Jörg Rödel, a long-term Linux kernel developer specializing in virtualization and confidential computing, and Roy Hopkins, an expert in data protection and isolation technologies with extensive knowledge of Intel SGX and AMD SEV.
COCONUT-SVSM on KVM: Progress, Plans, and Challenges
Overview
Syllabus
COCONUT-SVSM on KVM: Progress, Plans, and Challenges by Jörg Rödel & Roy Hopkins
Taught by
KVM Forum
Related Courses
-
The COCONUT Secure VM Service Module for Confidential Virtual Machines
-
Coconut-SVSM - Early Attestation to Unlock Persistent State - KVM Forum
-
Protected KVM on Arm64: A Technical Deep Dive
-
Supporting Live Migration of Confidential VMs in KVM
-
Accounting and Page Migration Challenges in Secure Guests Using FD-Based Private Memory
-
Zero-Trust vTPM for AMD SEV-SNP Confidential Virtual Machines
