Explore the implementation of Protected Kernel-based Virtual Machine (pKVM) on x86 client platforms in this informative conference talk. Delve into the design principles of pKVM for x86, which aims to create multiple isolated Trusted Execution Environment (TEE) Virtual Machines with strong isolation from the host OS and user VMs. Learn about the key requirements, including minimal performance impact, small Trusted Computing Base (TCB) size, and reduced complexity in the host OS. Discover how TEE VMs can run alongside normal user VMs with minor changes to the host OS. Examine the architecture overview, performance evaluation, and future development plans for pKVM on x86. Gain insights into topics such as de-privileging the kernel, transparent platform resource management, memory protection, interrupt handling, MMIO handling, and DMA protection.
Supporting TEE on x86 Client Platforms with pKVM
Overview
Syllabus
Intro
Use Scenario of TEE on Client Platform
Protected KVM (pKVM)
PKVM Flow Overview
De-privilege Kernel (ARM vs. X86) VS
Transparent Platform Resource
Memory Protection
Interrupt Handling
MMIO Handling
DMA Protection
Key Arch Comparation
PKVM-X86 Arch Overview
Performance Evaluation - Primary VM
Status Update & Next Step
Taught by
Linux Foundation
