Overview
Explore the innovative approach to emulating Microsoft's Virtual Secure Mode (VSM) using QEMU and KVM in this 29-minute conference talk from KVM Forum. Dive into the core concepts of VSM, a virtualization-based security technology that leverages hypervisor capabilities to protect guest data against compromises. Learn about the challenges faced in emulating VSM in KVM and discover the novel design based on sharing multiple KVM VMs within a single QEMU VM, known as "Companion VMs." Understand how this approach models VSM's privileged execution contexts as distinct KVM VMs and explore its potential applications in confidential computing and enhancing device emulation security. Get an update on the efforts to upstream this work in both KVM and QEMU, and gain insights from Nicolas Saenz Julienne, a senior kernel and hypervisor engineer at AWS with expertise in hardware/software interfaces and open-source collaboration.
Syllabus
Emulating Hyper-V's Virtual Secure Mode (VSM) with QEMU and KVM by Nicolas Saenz Julienne
Taught by
KVM Forum