Explore the intricacies of I/O support for virtualization-based Trusted Execution Environments (TEEs) in this 25-minute conference talk by Hao Wu from Intel. Delve into the world of confidential computing and its role in protecting data during computation within hardware-based TEEs. Examine the use case of running confidential computing inside TEE VMs and the challenges posed by the increasing need for external device assistance in computing workloads. Discover various I/O support options for TEE VMs and understand the requirements for software, Linux/KVM, host hardware, and devices to implement these options effectively. Learn about specific techniques such as direct I/O with bounce buffers in shared memory, addressing scenarios where devices lack access to TEE VM private memory. Gain insights into the additional security measures needed to protect data passing through shared bounce buffers, including encryption methods to ensure confidentiality in virtualization-based trusted execution environments.
Exploring I/O Support for Virtualization-Based Trusted Execution Environments
Overview
Syllabus
Exploring I/O Support for Virtualization-Based Trusted Execution Environment - Hao Wu, Intel
Taught by
Linux Foundation
Tags
Related Courses
-
Introducing IO Devices into Trusted Execution Environments
-
Device Attestation in Hardware TEE-Based Confidential Computing
-
Confidential Computing in Cloud and Edge
-
The Rise of Confidential Computing
-
Trusted Execution Environments - A Technical Overview of Intel SGX, Arm TrustZone, and RISC-V PMP
-
vSGX: Virtualizing SGX Enclaves on AMD SEV
