The COCONUT Secure VM Service Module for Confidential Virtual Machines
Offered By: KVM Forum via YouTube
Course Description
Overview
Explore the COCONUT Secure VM Service Module (SVSM) in this 30-minute KVM Forum conference talk. Delve into the world of confidential virtual machines (CVMs) and learn how the threat model shifts the hypervisor out of the trusted computing base (TCB). Discover the ongoing efforts to harden Linux against misbehaving device emulations and understand why certain security-sensitive devices require emulation within the TCB. Examine how the COCONUT SVSM leverages VM privilege levels on AMD SEV-SNP hardware to provide secure services and device emulations for CVMs. Gain insights into the project's origins, its relationship with other SVSM implementations, and its integration into the KVM virtualization stack. Explore the underlying design principles and engage in discussions about future plans, including ideas for emulating security-sensitive devices and data storage solutions.
Syllabus
The COCONUT Secure VM Service Module
Taught by
KVM Forum
Related Courses
Upcoming x86 Technologies for Malicious Hypervisor ProtectionLinux Foundation via YouTube What's New in Azure Confidential Computing
Microsoft via YouTube A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP
IEEE via YouTube SEV-SNP Development Status Update - Current Progress and Future Plans
Linux Foundation via YouTube Providing Confidential Guest Services with a Secure VM Service Module on AMD
Linux Foundation via YouTube