Tobin Feldman-Fitzthum
Tobin Feldman-Fitzthum is a Software Engineer at the T.J. Watson IBM Research Center. His focus is secure virtualization and confidential computing. After working on live migration, encrypted disk images, and remote attestation for confidential VMs, Tobin helped found the Confidential Containers project and establish it as a CNCF sandbox project.
Session
Two recent papers about serverless confidential computing have identified key overheads when booting SEV and SNP guests with OVMF. Are these claims well-founded? This talk will show how to benchmark OVMF while avoiding common pitfalls and identify overhead introduced when confidential computing is enabled. Furthermore the talk will unravel whether overhead is the result of hardware requirements, firmware design, or implementation error. Will alternate firmware layouts and boot schemes (e.g. IGVM and the SVSM) ameliorate these issues or make them worse?