Explore the COCONUT Secure VM Service Module (SVSM) in this 30-minute KVM Forum conference talk. Delve into the world of confidential virtual machines (CVMs) and learn how the threat model shifts the hypervisor out of the trusted computing base (TCB). Discover the ongoing efforts to harden Linux against misbehaving device emulations and understand why certain security-sensitive devices require emulation within the TCB. Examine how the COCONUT SVSM leverages VM privilege levels on AMD SEV-SNP hardware to provide secure services and device emulations for CVMs. Gain insights into the project's origins, its relationship with other SVSM implementations, and its integration into the KVM virtualization stack. Explore the underlying design principles and engage in discussions about future plans, including ideas for emulating security-sensitive devices and data storage solutions.
The COCONUT Secure VM Service Module for Confidential Virtual Machines
Overview
Syllabus
The COCONUT Secure VM Service Module
Taught by
KVM Forum
Related Courses
-
Accounting and Page Migration Challenges in Secure Guests Using FD-Based Private Memory
-
Providing Confidential Guest Services with a Secure VM Service Module on AMD
-
Zero-Trust vTPM for AMD SEV-SNP Confidential Virtual Machines
-
Remote Attestation in AMD SEV-SNP Confidential VMs
-
AMD SEV-TIO - Trusted I/O for Secure Encrypted Virtualization
-
Supporting Live Migration of Confidential VMs in KVM
