Explore the virtualization of Arm TrustZone on KVM in this 28-minute conference talk from KVM Forum. Learn about the current limitations of KVM in supporting TrustZone virtualization and discover the proposed solution to extend KVM for exposing virtual TrustZone to virtual machines. Understand the techniques used to virtualize TrustZone's CPU features, including multiplexing virtual EL3 and secure EL1 on normal world EL1, and the trap-and-emulate approach for handling sensitive instructions. Gain insights into the implementation of virtual secure memory and secure IO mapping in QEMU. Discover the prototype's capability to boot a paravirtualized OP-TEE and learn about future plans for open-sourcing the implementation. Explore potential next steps, including TrustZone exposure to confidential VMs based on pKVM and Arm CCA, as well as QEMU extensions for virtualizing secure IO devices like TZPC.
Overview
Syllabus
Virtualizing Arm TrustZone on KVM by Chun Yen Lin & Shih-Wei Li
Taught by
KVM Forum
Related Courses
-
KVM: Arm Confidential Compute Architecture Support
-
QEMU Arm CPU Models and KVM for Guest Migration
-
OP-TEE: Using TrustZone to Protect Our Own Secrets
-
TEEP Implementation on RISC-V Keystone and Arm TrustZone
-
Emulating Hyper-V's Virtual Secure Mode with QEMU and KVM
-
Virtio and Confidential Computing - Balancing Guest Security with Hypervisor Functionality
