Live Migration Architecture for Intel TDX-based Confidential VMs

Explore the architecture for live migration of Intel TDX-based Confidential VMs in this 38-minute conference talk by Ravi Sahita and Jun Nakajima from Intel. Delve into the Intel Trust Domain Extension (TDX) recap, live migration goals, security properties, and functional requirements. Examine the components of Intel TDX live migration, new architectural interfaces, and cross-platform perspectives. Understand the lifecycle of TD migration and various security objectives, including confidentiality and integrity of content and exports, access control of migration TD assets, and integrity of TD migration policy. Learn about software implications on KVM, iterative pre-copy techniques, and considerations for scalability and efficiency in implementing live migration for confidential computing environments.

Intro
OUTLINE
INTEL TRUST DOMAIN EXTENSION (INTEL TDX) - RECAP
TO LIVE MIGRATION ARCHITECTURE GOALS
TD LIVE MIGRATION SECURITY & FUNCTIONAL PROPERTIES
INTEL TDX LIVE MIGRATION COMPONENTS
NEW INTEL TDX ARCHITECTURAL INTERFACES & MIG TD
INTEL TDX LIVE MIGRATION-CROSS PLATFORM VIEW
TD MIGRATION - LIFECYCLE
SECURITY OBJECTIVE-CONFIDENTIALITY AND INTEGRITY OF CONTA
SECURITY OBJECTIVE-CONFIDENTIALITY & INTEGRITY OF EXPORTE
SECURITY OBJECTIVE - ACCESS-CONTROL OF MIG TD ASSETS
SECURITY OBJECTIVE-INTEGRITY OF TD MIGRATION POLICY
SOFTWARE IMPLICATIONS ON KVM (CONT.)
ITERATIVE PRE-COPY
SCALABILITY AND EFFICIENCY