Roy Hopkins
Roy Hopkins has over 15 years of software development experience in the field of
data protection. Specialising in confidential computing, he has extensive
knowledge of isolation technologies including Intel SGX and AMD SEV and related
hardware. He is currently working on enabling KVM for the COCONUT-SVSM project.
Session
The COCONUT Secure VM Service Module (COCONUT-SVSM) is evolving from a service module for confidential VMs to a paravisor layer for running unenlightened operating systems. This talk will highlight the COCONUT-SVSM community's achievements in the past year and introduce the project's direction towards paravisor support.
While significant progress has been made, challenges remain both within the COCONUT codebase and in upstream adoption within the KVM hypervisor. The presentation will delve into proposed solutions to enable support for AMD SEV-SNP VMPLs and Intel TDX partitioning within KVM and QEMU. A particular focus will be placed on the intricacies and challenges associated with the IRQ delivery architecture.