Gerd Hoffmann
Gerd Hoffmann works in the Red Hat virtualization team. His main
focus in recent years has been firmware for virtual machines, where he
works on both guest side projects (seabios, edk2, svsm) and host side
support in qemu. Before getting more deeply involved in firmware
support, Gerd maintained multiple subsystems (graphics, usb, audio) in
qemu.
Session
Roughly ten years ago secure boot support for virtual machines made
its debut. It was available for the x86 architecture and the q35
machine type, building on SMM emulation in qemu and the kernel,
essentially following what physical hardware does.
Since then the world has moved forward, putting up a number of
challenges for secure boot support:
- confidential computing - SEV-ES, SEV-SNP and TDX are by design
  incompatible with SMM emulation because the host has no access to
  guest register state (which is needed to emulate the SMM context
  switch).
- aarch64 platform - el3 aka secure world emulation (roughly
  comparable to SMM mode) is unlikely to happen anytime soon.
- riscv64 platform - similar to aarch64 (except it's named supervisor
  mode there).
- CONFIG_KVM_SMM - kvm support for SMM emulation is optional now.
  Proposed by google at kvm forum to reduce kvm complexity, it was
  merged in 2022.
This talk will discuss how secure boot can be supported without
depending on SMM emulation, and it will present the work in various
projects (tianocore edk2, qemu, coconut svsm) to make that happen.