KVM Forum 2024

COCONUT-SVSM on KVM: Progress, Plans, and Challenges
2024-09-22, Hall C+D

The COCONUT Secure VM Service Module (COCONUT-SVSM) is evolving from a service module for confidential VMs to a paravisor layer for running unenlightened operating systems. This talk will highlight the COCONUT-SVSM community's achievements in the past year and introduce the project's direction towards paravisor support.

While significant progress has been made, challenges remain both within the COCONUT codebase and in upstream adoption within the KVM hypervisor. The presentation will delve into proposed solutions to enable support for AMD SEV-SNP VMPLs and Intel TDX partitioning within KVM and QEMU. A particular focus will be placed on the intricacies and challenges associated with the IRQ delivery architecture.

See also: Slides (477.6 KB)

Jörg is a long-time Linux kernel developer with a history of working on virtualisation, IOMMUs, and the x86 architecture. In the past years his focus has shifted towards Confidential Computing, where Jörg brought guest support for AMD SEV-ES into the upstream Linux kernel.
From there he moved on to initiate the COCONUT-SVSM project, which was published in March 2023 and has gained a broad developer community since then.

Roy Hopkins has over 15 years of software development experience in the field of
data protection. Specialising in confidential computing, he has extensive
knowledge of isolation technologies including Intel SGX and AMD SEV and related
hardware. He is currently working on enabling KVM for the COCONUT-SVSM project.