20-24 September 2021
US/Pacific timezone

Attestation and Secret Injection for Confidential VMs & Containers/Pods

21 Sep 2021, 10:15
25m
Microconference2/Virtual-Room (LPC Virtual)

Microconference2/Virtual-Room

LPC Virtual

150
Confidential Computing MC Confidential Computing MC

Speakers

Jim Cadden (IBM Research) James Bottomley (IBM Research)

Description

Attestation is an important step in the setup of a confidential enclave in a public cloud environment. Through this process a guest owner can externally validate the software being run in their enclave before any confidential information is exposed. In this talk, we discuss the design and challenges of measuring and validating a guest enclave, and safely injecting guest owner secrets into the enclave. Our discussion will focus on the AMD SEV architectures (SEV, SEV-ES, and SEV-SNP) and how their hardware-enforced attestation and pre-attestation procedures map onto the deployment of guest VMs and confidential containers (i.e., Kata Containers).

By attending this talk, you will gain an understanding of the attestation and measurement features of the AMD SEV architectures, as well as the challenges of doing attestation for confidential VMs and containers/Pods in a public cloud. In addition, we will overview other attestation approaches such as those of Intel TDx, SecureBoot, and other software-based techniques.

I agree to abide by the anti-harassment policy I agree

Primary authors

Jim Cadden (IBM Research) James Bottomley (IBM Research)

Presentation Materials