20-24 September 2021
US/Pacific timezone

Confidential Computing Microconference

Not scheduled
20m
Confidential Computing MC Confidential Computing MC

Description

Encryption technologies which protect data while in transit (SSL, VPNs) and at rest (disk encryption) are available and used for a long time already. Encryption technologies for data while it is processed are a recent addition to CPUs from various vendors. Examples are AMD SEV, Intel TDX and IBM Secure Execution on s390x.

The Linux kernel recently gained support for SEV-ES to protect data in a virtual machine from being accessed by the hypervisor. But this is only the start, Intel TDX is upcoming and AMD SEV will be further enhanced by Secure Nested Paging (SNP). Support for these technologies requires intrusive changes in the Linux kernel to support, for example, memory integrity and secure interrupt delivery to virtual machines.

The Confidential Computing Microconference wants to bring the right people together to propose and discuss solutions to the open problems for supporting these technologies in the Linux kernel and plumbing layer.

Potential open problems to discuss (no particular order):

  • Live Migration of Confidential VMs
  • Lazy Memory Validation
  • APIC emulation/interrupt management
  • Debug Support for Confidential VMs
  • Required Memory Management changes for memory validation
  • Safe Kernel entry for TDX and SEV exceptions
  • Requirements for Confidential Containers
  • Trusted Device Drivers Framework and driver fuzzing
  • Remote Attestation

Supporting links:

General Information about Confidential Computing hardware facilities can be found here:

Potential attendees (in alphabetical order):

I agree to abide by the anti-harassment policy I agree

Primary author

Joerg Roedel (SUSE)

Presentation Materials

There are no materials yet.