The COCONUT Secure VM Service Module

The threat model for confidential virtual machines (CVMs) moves the hypervisor out of the trusted computing base (TCB), and with it all emulated devices. There is work underway to harden Linux against misbehaving device emulations, but there are devices with security sensitive state where this is not possible. These devices need to be emulated inside the TCB to maintain security.
The COCONUT Secure VM Service Module (SVSM) uses VM privilege levels on AMD SEV-SNP hardware to provide secure services and device emulations for CVMs. This talk will cover how the project came to be, how it relates to other SVSM implementations, and how it fits into the KVM virtualization stack. The underlying design will be covered and future plans will be put up for discussion. These include ideas for emulating security sensitive devices, data storage, and others.

Скачать видео