KVM Forum 2025

Gerd Hoffmann

Gerd Hoffmann works in the Red Hat virtualization team. His main
focus in recent years has been firmware for virtual machines, where he
works on both guest side projects (seabios, edk2, svsm) and host side
support in qemu. Before getting more deeply involved in firmware
support, Gerd maintained multiple subsystems (graphics, usb, audio)
in qemu.


Session

09-04
09:45
30min
virtual secure boot in 2025 -- the confidential computing edition
Gerd Hoffmann

Roughly ten years ago secure boot support for virtual machines made
its debut. It was available for the x86 architecture and the q35
machine type, building on SMM emulation in qemu and the kernel,
essentially following what physical hardware does.

Since then the world has moved forward, putting up a number of
challenges for secure boot support.

  • confidential computing - SEV-ES, SEV-SNP and TDX are by design
    incompatible with SMM emulation because the host has no access to
    guest register state (which is needed to emulate the SMM context
    switch).

  • aarch64 platform - el3 aka secure world emulation (roughly
    comparable to SMM mode) is unlikely to happen anytime soon.

  • riscv64 platform - similar to aarch64 (except that the equivalent
    privilege level is named machine mode there).

  • CONFIG_KVM_SMM - kvm support for SMM emulation is optional now.
    Proposed by google at kvm forum to reduce kvm complexity, it was
    merged in 2022.

This talk will discuss how secure boot can be supported without
depending on SMM emulation, and it will present the work in various
projects (tianocore edk2, qemu, coconut svsm) to make that happen.

Room 2