Supporting Guest Private Memory in Protected KVM on Android

Explore the implementation of guest private memory support in Protected KVM (pKVM) on Android for Arm64 in this 21-minute conference talk from the Linux Plumbers Conference. Dive into the current approach for confidential computing in pKVM, comparing it with hardware-supported solutions like Intel's TDX, AMD's SEV, and Arm's CCA. Learn about the challenges of the current KVM API for presenting guest memory to the host and discover how guest private memory addresses these issues. Examine the process of porting the proposed guest memory interface to pKVM on Android, highlighting key differences from the original TDX target. Gain insights into the benefits of a unified API for Linux-based confidential computing proposals and understand the potential impact on Android's current GUP-based approach. Aimed at kernel developers interested in confidential computing or virtualization, this talk provides valuable information on advancing secure guest memory management in virtualized environments.

Supporting guest private memory in Protected KVM on Android - Fuad Tabba