Empowering Confidential VMs to Use Custom Firmware in Cloud Environments

Explore a method for supplying system firmware for virtual machines as part of the VM disk image in this 30-minute KVM Forum talk. Learn how this approach allows confidential VMs to use their own firmware upon instantiation, addressing trust issues for end users and update challenges for cloud providers. Discover the advantages of this technique over using IGVM container images, including simplified packaging, guest-controlled upgrades, and the ability to update firmware without redeploying VM images. Gain insights into the implementation using QEMU/KVM/EDK2/UKI and see a demonstration of the prototype in action. Understand how this innovation could revolutionize firmware management for confidential VMs across the cloud industry.

Empowering confidential VMs in the cloud to use their own firmware upon instantiation.