Explore the Protected Execution Facility, an architectural modification for IBM Linux and OpenPower Linux servers, in this 42-minute conference talk by Guerney D. H. Hunt from IBM Research. Delve into the challenges of keeping applications and containers secure against attacks and compromised components in both traditional and cloud computing environments. Learn about the associated firmware, the Protected Execution Ultravisor, which enhances security for virtual machines, creating secure virtual machines (SVMs). Discover how this facility supports both normal VMs and SVMs concurrently, and understand the protections and restrictions applied to SVMs. Compare and contrast vendor approaches to providing security in potentially compromised hypervisor or OS scenarios. Gain insights into topics such as Open Source, Linux KVM, boot changes, kernel modifications, and hardware alterations necessary for implementing this security technology.
Protected Execution Facility for Secure Virtual Machines
Overview
Syllabus
Introduction
Outline
Open Source
New Stuff
Protected Execution Facility
In transit
SVM
Base Principles
Overview
Linux KVM
Normal and Secure VM
Limitations
Layout
CSM blob
Boot changes
Ultravisor
Kernel Changes
Hardware Changes
Summary
IBM Secure Hardware
Questions
Taught by
Linux Foundation
