2024-09-22, Hall C+D
The Confidential Story
Rivers, dams and kernel development
For a new hardware feature to be available to users, Linux and often other levels of the virtualization stack have to support it. The time needed for development and upstream acceptance can be substantial and difficult to predict.
This talk will analyze the past, present and future of enabling confidential computing on both the kernel and the QEMU sides. It will show how hardware vendors can benefit from working as closely as possible with upstream communities during “in-house” development, and how this can reduce the friction caused by different approaches coming in concurrently from multiple hardware vendors. I will also present the work done by Red Hat and Intel as part of the CentOS Stream Virtualization SIG, and how a stable base kernel facilitates work on confidential computing at the higher levels of the stack.
Paolo Bonzini works on virtualization for Red Hat, where he is a Distinguished Engineer. He is currently the maintainer of the KVM hypervisor and a contributor and submaintainer for QEMU.