13–15 Nov 2023
America/New_York timezone

Hyper-V's Virtual Secure Mode in KVM project update

14 Nov 2023, 12:15
20m
"James River Salon A" (Omni Richmond Hotel)

"James River Salon A"

Omni Richmond Hotel

82
KVM MC KVM MC

Speaker

Nicolas Saenz Julienne (AWS)

Description

Windows Credential Guard is a security feature that provides protection to user credentials by utilizing Hyper-V's Virtual Secure Mode (VSM) hypervisor enlightenments. This feature comes enabled by default in Windows 11 and is becoming a prerequisite in the industry. However, KVM has not been able to support it due to its complexity and intrusiveness.

We published a VSM proof of concept implementation alongside our upstreaming plan in the KVM forum 2023. It generated a healthy amount of interest in the project. We plan on publishing a first patch series before LPC, and believe the KVM MC and its key attendees make it a good venue to provide an update on the project and to discuss any contentious topics in person.

Additionally, VSM introduces concepts that might overlap with other discussions held at the KVM MC, like multiple execution contexts per-vCPU and dynamic permission updates of IOMMU and MMU page tables.

Primary authors

Presentation materials

Diamond Sponsors
Platinum Sponsor
Gold Sponsors
Silver Sponsors
Catchbox Sponsor
Livestream Sponsors
T-Shirt Sponsor
Conference Services Provided by