Splitting pKVM Into Discrete, Mutually Exclusive Address Spaces for Enhanced Security
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the advanced security features of pKVM, a confidential computing extension for KVM/arm64, in this 28-minute Linux Foundation talk. Dive into the proposed enhancements that create separate, independently tagged address spaces for improved isolation between host and guests. Learn how these changes mitigate potential vulnerabilities, reduce the impact of bugs, and minimize trust requirements for drivers. Examine the hypervisor's isolation mechanisms and common constructs used to prevent accidental data leakages. Gain insights into VCPU isolation, mobile isolation, exception levels, and strategies for dealing with buggy software in the context of confidential computing.
Syllabus
Introduction
Buggy Software
Exception Levels
Extras
VCPU Isolation
Mobile Isolation
Taught by
Linux Foundation
Related Courses
Confidential Computing in Cloud and Edge (RSA Conference via YouTube)
The Rise of Confidential Computing (RSA Conference via YouTube)
Enabling Rack-Scale Confidential Computing Using Heterogeneous Trusted Execution Environment (IEEE via YouTube)
Architectural Extensions for Hardware Virtual Machine Isolation to Advance Confidential Computing in Public Clouds (Linux Foundation via YouTube)
The Open Enclave SDK - Confidential Computing with Trusted Apps (Linux Foundation via YouTube)