KVM Forum 2021 has ended
Virtual Event | September 15-16, 2021
View More Details

The Sched app allows you to build your schedule but is not a substitute for your event registration. In addition, you must be registered for KVM Forum to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Coordinated Universal Time (UTC)Please select from the drop-down menu to the right to see the schedule in your preferred timezone above "Filter by Date."
Back To Schedule
Thursday, September 16 • 11:20 - 12:00
Don't Peek Into my Container! - Alice Frosi, Christophe de Dinechin & Sergio Lopez Pascual, Red Hat

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
"Confidential containers" is the application of such technologies to protect the data in containers. This matters for use cases where the "tenant" running the workloads has legal or business reasons to want the data being processed to be hidden from the infrastructure it is running on.

We will focus on the interaction between container runtimes and KVM, using Kata Containers and libkrun as two example implementations. This will expose both technical and market challenges enabling technologies
such as AMD-SEV or Intel TDX, that differ in their availability, capabilities but also in the way they perform attestation.

In this talk, we are going to explore how you can convert your containerized application into an encrypted workload using libkrun, KVM, and Kubernetes. You will learn the designed architecture in k8s, the challenges we face in deploying an attested and confidential workload by keeping the user experience agile as the usual container deployments.

We will also quickly show how Kata Containers recently added platform-level support, and how we plan to more significantly overhaul its architecture in order to deliver a solid value proposition in terms of security.

avatar for Christophe de Dinechin

Christophe de Dinechin

Senior Principal Software Engineer, Red Hat
Working on Kata Containers and OpenShift sandboxed containers Areas of interest: programming languages (XL), interactive 3D graphics and stereoscopy (Tao3D), physics research (theory of incomplete measurements) More info on http://c3d.github.io
avatar for Alice Frosi

Alice Frosi

Developer, Red Hat
I'm a Red Hat developer in cloud and virtualization.
avatar for Sergio Lopez Pascual

Sergio Lopez Pascual

Principal Software Engineer, Red Hat
Sergio Lopez is a Principal Software Engineer working in the Virtualization team at Red Hat. He's the maintainer of the "microvm" machine type in QEMU, libkrun, krunvm, virtiofsd-rs, and co-maintainer of various rust-vmm crates. He presented previously at various iterations of DevConf.cz... Read More →

Thursday September 16, 2021 11:20 - 12:00 UTC
  KVM Track 1
  • Presentation Slides Attached Yes