Explore the architecture for live migration of Intel TDX-based Confidential VMs in this 38-minute conference talk by Ravi Sahita and Jun Nakajima from Intel. Delve into the Intel Trust Domain Extension (TDX) recap, live migration goals, security properties, and functional requirements. Examine the components of Intel TDX live migration, new architectural interfaces, and cross-platform perspectives. Understand the lifecycle of TD migration and various security objectives, including confidentiality and integrity of content and exports, access control of migration TD assets, and integrity of TD migration policy. Learn about software implications on KVM, iterative pre-copy techniques, and considerations for scalability and efficiency in implementing live migration for confidential computing environments.
Live Migration Architecture for Intel TDX-based Confidential VMs
Overview
Syllabus
Intro
OUTLINE
INTEL TRUST DOMAIN EXTENSION (INTEL TDX) - RECAP
TO LIVE MIGRATION ARCHITECTURE GOALS
TD LIVE MIGRATION SECURITY & FUNCTIONAL PROPERTIES
INTEL TDX LIVE MIGRATION COMPONENTS
NEW INTEL TDX ARCHITECTURAL INTERFACES & MIG TD
INTEL TDX LIVE MIGRATION-CROSS PLATFORM VIEW
TD MIGRATION - LIFECYCLE
SECURITY OBJECTIVE-CONFIDENTIALITY AND INTEGRITY OF CONTA
SECURITY OBJECTIVE-CONFIDENTIALITY & INTEGRITY OF EXPORTE
SECURITY OBJECTIVE - ACCESS-CONTROL OF MIG TD ASSETS
SECURITY OBJECTIVE-INTEGRITY OF TD MIGRATION POLICY
SOFTWARE IMPLICATIONS ON KVM (CONT.)
ITERATIVE PRE-COPY
SCALABILITY AND EFFICIENCY
Taught by
Linux Foundation
Tags
Related Courses
-
Architectural Extensions for Hardware Virtual Machine Isolation to Advance Confidential Computing in Public Clouds
-
Supporting Live Migration of Confidential VMs in KVM
-
Allowing an Intel TDX Module to Run Without SEAM - Development Techniques
-
Providing Confidential Guest Services with a Secure VM Service Module on AMD
-
Secure Live Migration of Encrypted VMs
-
Device Attestation in Hardware TEE-Based Confidential Computing
