KVM Forum 2021 has ended
Virtual Event | September 15-16, 2021

Thursday, September 16 • 14:05 - 14:30
Encrypted Virtual Machine Images for Confidential Computing - James Bottomley, IBM & Brijesh Singh, AMD

KVM/QEMU has had the concept of encrypted qcow2 images for a while. Unfortunately, the decryption is done inside the VMM, which, in the current SEV and TDX paradigms, is outside of the trust zone and thus inappropriate for Confidential Computing because the machine owner must be privy to the image encryption key. We introduce a new encrypted image format, which is very similar to the current encrypted image format except that decryption is done inside the guest instead of in the VMM, thus making it suitable for Confidential Computing. This presentation will explain the image format, how it works both inside and outside of Confidential Computing hardware, and, for the AMD SEV hardware, how attestation, trust and secret key release work, including a demo of the feature. Getting all this to work requires patches to tianocore/OVMF, qemu and grub, which we will describe and explain (and give the current upstream status).

James Bottomley

James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board

Brijesh Singh

SMTS, Advanced Micro Devices
Brijesh Singh is a member of the Linux OS group at Advanced Micro Devices. He is responsible for enabling and enhancing support for AMD processor features in the Linux kernel. He is currently working on extending the SEV support to enable SEV-SNP (Secure Nested Paging).

Thursday September 16, 2021 14:05 - 14:30 UTC