
Linux Foundation

Upcoming x86 Technologies for Malicious Hypervisor Protection

Linux Foundation via YouTube

Overview

Explore AMD's next-generation x86 virtualization isolation technology, SEV-SNP (Secure Nested Paging), in this 40-minute Linux Foundation conference talk by David Kaplan from AMD. Discover how SEV-SNP builds upon existing AMD SEV and SEV-ES features to provide enhanced hardware security designed to protect virtual machines from malicious hypervisors. Learn about new memory integrity protection, use models, and increased flexibility in attestation and VM management for protected VMs in hostile environments. Delve into the specific security measures provided by the SEV-SNP architecture, its stronger threat model, and the new hardware structures and x86 instructions being implemented. Gain insights into the potential impacts on the open-source ecosystem and areas where Linux may leverage these new protections. Topics covered include threat models, VM threats, integrity enforcement, RMP checks, page validation, interrupt protections, trusted platform information, guest launch, TCB versioning, VM attestation, migration, and side channels.

Syllabus

Intro
WHY NOT TRUST THE HYPERVISOR
THREAT MODEL
VM THREATS
ENFORCING INTEGRITY
RMP CHECKS
PAGE VALIDATION
PAGE REMAPPING
INTERRUPT PROTECTIONS
UNENLIGHTENED GUEST SUPPORT
TRUSTED PLATFORM INFORMATION
GUEST LAUNCH
TCB VERSIONING
VM ATTESTATION
VM MIGRATION
SIDE CHANNELS
SUMMARY

Taught by

Linux Foundation
