Sep 12 – 14, 2022
Europe/Dublin timezone

Secure bootloader for Confidential Computing

Sep 12, 2022, 10:05 AM
"Ulster & Munster" (Clayton Hotel on Burlington Road)


System Boot and Security MC


Ken Lu (Intel), Jiewen Yao


Confidential computing (CC) protects data in use with a hardware-based Trusted Execution Environment (TEE) such as Intel TDX, AMD SEV, or ARM RME. Today, Open Virtual Machine Firmware (OVMF) together with shim and grub performs the initialization a confidential virtual machine (VM) guest needs. More importantly, they form the chain of trust for measurement that TEE attestation depends on: each stage measures the next before handing over control. In this talk we introduce the CC measurement infrastructure in OVMF, shim and grub, and show how the VM guest uses the recorded measurements to support TEE runtime attestation. Finally we discuss attestation-based disk encryption in CC, comparing where the key can be obtained: in the pre-boot phase (OVMF), the OS loader phase (grub), or the early kernel boot phase (initrd), together with the related cloud use cases.
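The measurement chain the abstract describes (OVMF measures shim, shim measures grub, grub measures kernel and initrd, and a verifier later replays the log against the TEE's registers before releasing a disk key) can be shown end to end in a few lines. The following is an added example, not code from the talk, OVMF, shim or grub. It uses Intel TDX register semantics (four 48-byte RTMRs, each extended as SHA384(old || digest)), but the event log is a constructed, simplified list rather than the real TCG2 binary log, and the key-broker policy, the `DISK_KEY` value and the `release_disk_key` name are hypothetical.

```python
"""Replay a confidential-VM boot measurement log into RTMR values and
gate a disk-encryption key release on the result.

Added example (not code from the talk, OVMF, shim or grub). Register
semantics follow Intel TDX (four 48-byte SHA-384 RTMRs); the event log
format and the key-broker policy below are constructed for illustration.
"""
import hashlib
import hmac
from typing import List, Optional, Tuple

RTMR_COUNT = 4
DIGEST_LEN = 48  # SHA-384 digest length, the RTMR width

Event = Tuple[int, str, bytes]  # (RTMR index, event type name, measured data)

# Constructed sample log. In a real guest the data field is the measured
# binary (shim, grub, kernel, initrd) or a config blob; short strings
# stand in here so the example runs offline.
EVENT_LOG: List[Event] = [
    (0, "EV_PLATFORM_CONFIG_FLAGS", b"ovmf-config"),          # OVMF measures its config
    (1, "EV_EFI_BOOT_SERVICES_APPLICATION", b"shimx64.efi"),  # OVMF measures shim
    (1, "EV_EFI_BOOT_SERVICES_APPLICATION", b"grubx64.efi"),  # shim measures grub
    (2, "EV_EVENT_TAG", b"vmlinuz"),                          # grub measures the kernel
    (2, "EV_EVENT_TAG", b"initrd.img"),                       # grub measures the initrd
]

DISK_KEY = bytes(range(32))  # hypothetical LUKS key held by the key broker


def extend(rtmr: bytes, digest: bytes) -> bytes:
    """RTMR extend operation: new = SHA384(old || digest)."""
    if len(rtmr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("RTMR and digest must be SHA-384 sized")
    return hashlib.sha384(rtmr + digest).digest()


def replay(events: List[Event]) -> List[bytes]:
    """Recompute every RTMR from the log, starting from zeroed registers.
    The chain is order-sensitive: swapping two events changes the result."""
    rtmrs = [bytes(DIGEST_LEN)] * RTMR_COUNT
    for index, _event_type, data in events:
        if not 0 <= index < RTMR_COUNT:
            raise ValueError(f"bad RTMR index {index}")
        rtmrs[index] = extend(rtmrs[index], hashlib.sha384(data).digest())
    return rtmrs


def verify(quoted_rtmrs: List[bytes], events: List[Event]) -> bool:
    """Check that the presented log explains the quoted register values exactly."""
    return replay(events) == list(quoted_rtmrs)


# Golden values the key broker trusts, computed once from the known-good log.
GOLDEN_RTMRS = replay(EVENT_LOG)


def release_disk_key(quoted_rtmrs: List[bytes], events: List[Event]) -> Optional[bytes]:
    """Hypothetical key-broker policy: release the disk key only when the log
    reproduces the quoted RTMRs and those RTMRs equal the golden values.
    Assumes the TEE quote carrying quoted_rtmrs was already signature-checked."""
    if len(quoted_rtmrs) != RTMR_COUNT or not verify(quoted_rtmrs, events):
        return None
    for got, want in zip(quoted_rtmrs, GOLDEN_RTMRS):
        if not hmac.compare_digest(got, want):  # constant-time compare
            return None
    return DISK_KEY


if __name__ == "__main__":
    for i, value in enumerate(replay(EVENT_LOG)):
        print(f"RTMR[{i}] = {value.hex()}")
    print("key released:", release_disk_key(replay(EVENT_LOG), EVENT_LOG) is not None)
```

The point the example makes is that the verifier never trusts the log on its own: it recomputes the registers from the log and accepts the log only if the result matches what the hardware-signed quote reports, and then compares those values against a policy. Where that check runs (OVMF, grub or the initrd) changes who holds the key and how early the root filesystem can be unlocked, which is the trade-off the talk compares.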


Primary authors

Ken Lu (Intel), Jiewen Yao, min xu
