Jörg Rödel
The COCONUT Secure VM Service Module
The threat model for confidential virtual machines (CVMs) moves the hypervisor (HV) out of the trusted computing base (TCB). With the HV being untrusted there is a trend in CVM systems to move parts of the HV functionality into the trusted guest context.
This talk will present the current work on the COCONUT Secure VM Service module (SVSM), a system level software written in Rust which implements HV services within CVMs running under AMD SEV-SNP. The SVSM will be used to emulate security sensitive devices like a TPM and in the future will grow into a paravisor which allows to run mostly unmodified operating systems with AMD SEV-SNP protection. The talk will describe the basic design of the SVSM, the current state and the roadmap with future plans.
This talk will present the current work on the COCONUT Secure VM Service module (SVSM), a system level software written in Rust which implements HV services within CVMs running under AMD SEV-SNP. The SVSM will be used to emulate security sensitive devices like a TPM and in the future will grow into a paravisor which allows to run mostly unmodified operating systems with AMD SEV-SNP protection. The talk will describe the basic design of the SVSM, the current state and the roadmap with future plans.
back to overview
Watch Recording
