Roy Hopkins: Establishing root seeds in a vTPM with COCONUT-SVSM in Confidential VM Remote

Published: 10 June 2024
on channel: SUSE Labs

Confidential Computing for virtual machines provides hardware protection for data as it is being processed on an untrusted host, giving strong assurance that the guest memory and context are protected from observation and manipulation by the host. In order to ensure integrity of the workload deployed into a confidential VM, CPU vendors include the ability to remotely attest the startup state of the guest. This provides verifiable cryptographic evidence that the guest is running inside a patched, up-to-date CC environment and confirms exactly what firmware the guest is running. In order to retain integrity from the verified firmware, unlock an encrypted disk and boot the operating system, a traditional secure boot process can be used. However, a TPM or equivalent is required to implement secure boot. COCONUT-SVSM provides a secure environment to implement a virtual TPM where keys and state are protected both from the host and the guest firmware. Manufacturing a vTPM requires access to persistent root seeds that must remain secure and available even when the guest is migrated to a different host. This talk introduces the process and capabilities of remote attestation with AMD SEV-SNP and discusses how this can be used during the initialisation of COCONUT-SVSM to securely obtain vTPM seeds from a key broker service.
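The seed-release exchange the abstract describes, modelled end to end as an added illustration (this is not code from the talk or from COCONUT-SVSM). The AMD VCEK signature is stood in for by an HMAC under a constructed key, the report layout is a reduced dict rather than the real SNP structure, the transport is assumed to be a channel whose binding value the guest folds into REPORT_DATA alongside the broker's nonce, and the seed identity is assumed to be the ID-block key digest so the same owner receives the same seed after migration to another host.

```python
import hashlib, hmac, secrets

# Constructed stand-in for the AMD VCEK. A real SEV-SNP report is ECDSA-signed by
# a per-chip key chained to AMD's ARK/ASK; an HMAC under a key only the "PSP"
# holds models "nobody but the firmware could have produced this" offline.
_PSP_SIGNING_KEY = b"constructed-psp-key"
POLICY_DEBUG = 1 << 19  # SEV-SNP guest policy DEBUG bit (host may inspect guest memory)

def _report_body(r: dict) -> bytes:
    return r["measurement"] + r["policy"].to_bytes(8, "little") + r["id_key_digest"] + r["report_data"]

def psp_generate_report(measurement: bytes, policy: int, id_key_digest: bytes, report_data: bytes) -> dict:
    """Model of SVSM asking the PSP for a report; report_data is caller-chosen (64 bytes)."""
    r = {"measurement": measurement, "policy": policy, "id_key_digest": id_key_digest, "report_data": report_data}
    r["signature"] = hmac.new(_PSP_SIGNING_KEY, _report_body(r), "sha384").digest()
    return r

class KeyBroker:
    """Holds persistent vTPM root seeds; releases one only to an attested guest."""
    def __init__(self, trusted_measurements):
        self.trusted = set(trusted_measurements)
        self.seeds = {}          # guest identity -> persistent seed (survives migration)
        self.nonces = set()      # outstanding challenges, each usable once

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32); self.nonces.add(nonce); return nonce

    def release_seed(self, report: dict, nonce: bytes, channel_binding: bytes) -> bytes:
        expected = hmac.new(_PSP_SIGNING_KEY, _report_body(report), "sha384").digest()
        if not hmac.compare_digest(expected, report["signature"]):
            raise PermissionError("report signature invalid")
        if report["measurement"] not in self.trusted:
            raise PermissionError("unknown firmware/SVSM measurement")
        if report["policy"] & POLICY_DEBUG:
            raise PermissionError("debug-enabled guest")
        if nonce not in self.nonces:
            raise PermissionError("stale or replayed nonce")
        if report["report_data"] != hashlib.sha512(nonce + channel_binding).digest():
            raise PermissionError("report not bound to this challenge and channel")
        self.nonces.discard(nonce)
        # Assumption: seed identity is the owner's ID-block key digest, which the PSP
        # verified at launch, so the same owner gets the same seed on any host.
        return self.seeds.setdefault(report["id_key_digest"], secrets.token_bytes(32))

def guest_fetch_seed(kbs: KeyBroker, measurement: bytes, policy: int, id_key_digest: bytes, channel_binding: bytes) -> bytes:
    """Guest side: obtain a challenge, bind it into REPORT_DATA, present the signed report."""
    nonce = kbs.challenge()
    report_data = hashlib.sha512(nonce + channel_binding).digest()
    report = psp_generate_report(measurement, policy, id_key_digest, report_data)
    return kbs.release_seed(report, nonce, channel_binding)
```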
