Libkrun Meets ARM Confidential Computing Architecture — No Hardware Required (for Now ;))
Libkrun is a lightweight virtual machine monitor written in Rust, used in contexts like Podman to securely run workloads in micro-VMs. In this talk, we present our ongoing work to bring support for ARM's Confidential Computing Architecture (CCA) to libkrun. Confidential computing enables strong isolation between the guest and the host by encrypting memory and CPU state, preventing the host from inspecting or modifying sensitive data. CCA, along with AMD SEV-SNP and Intel TDX, extends this model to the ARM world. Memory is encrypted, access violations trigger exceptions, and attestation mechanisms let guests verify they are running in a trusted environment. To develop this support, we’ve built on top of ARM’s FVP simulator, which allows us to test and iterate rapidly. While guest-side support for CCA is already upstreamed, kernel support (KVM) is still under review. We’ll walk through the design, the integration with virtee/cca, and demonstrate how libkrun can already launch a confidential ARM guest. Finally, we’ll cover what’s left — particularly attestation — and where we go from here.