Exploring I/O Support for Virtualization-Based Trusted Execution Environments

Explore the intricacies of I/O support for virtualization-based Trusted Execution Environments (TEEs) in this 25-minute conference talk by Hao Wu from Intel. Delve into the world of confidential computing and its role in protecting data during computation within hardware-based TEEs. Examine the use case of running confidential computing inside TEE VMs and the challenges posed by the increasing need for external device assistance in computing workloads. Discover various I/O support options for TEE VMs and understand the requirements for software, Linux/KVM, host hardware, and devices to implement these options effectively. Learn about specific techniques such as direct I/O with bounce buffers in shared memory, addressing scenarios where devices lack access to TEE VM private memory. Gain insights into the additional security measures needed to protect data passing through shared bounce buffers, including encryption methods to ensure confidentiality in virtualization-based trusted execution environments.