Supporting TEE on x86 Client Platforms with pKVM

Explore the implementation of Protected Kernel-based Virtual Machine (pKVM) on x86 client platforms in this informative conference talk. Delve into the design principles of pKVM for x86, which aims to create multiple isolated Trusted Execution Environment (TEE) Virtual Machines with strong isolation from the host OS and user VMs. Learn about the key requirements, including minimal performance impact, small Trusted Computing Base (TCB) size, and reduced complexity in the host OS. Discover how TEE VMs can run alongside normal user VMs with minor changes to the host OS. Examine the architecture overview, performance evaluation, and future development plans for pKVM on x86. Gain insights into topics such as de-privileging the kernel, transparent platform resource management, memory protection, interrupt handling, MMIO handling, and DMA protection.