KVM Forum 2025

Attesting Confidential Devices and Provisioning Secure Workload Identities with Trustee
2025-09-05 , Room 2

Trustee is an attestation and resource management service for confidential guests. This talk will cover a year of Trustee development and highlight the features that are on the horizon. The two most significant areas of development and discussion are attesting CVMs with confidential devices attached to them and provisioning identities to confidential guests. While these topics have been been a stumbling block in the past, we have made big steps forward. For confidential devices, the first iteration of Trustee support allows us to attest confidential VMs that have devices like the NVIDIA H100 attached via cold-plug. This talk will describe how this is implemented and show the plan for generalizing this to TDISP devices.

The second area, confidential identity, is one of the most subtle parts of confidential computing. This talk will classify why it is so difficult to reason about the identity of a confidential guest and show how we are finally adding an identity system to Trustee.

Tobin Feldman-Fitzthum is a Software Engineer at the T.J. Watson IBM Research Center. His focus is secure virtualization and confidential computing. After working on live migration, encrypted disk images, and remote attestation for confidential VMs, Tobin helped found the Confidential Containers project and establish it as a CNCF sandbox project.