Speaker
Description
Windows Credential Guard is a security feature that provides protection to user credentials by utilizing Hyper-V's Virtual Secure Mode (VSM) hypervisor enlightenments. This feature comes enabled by default in Windows 11 and is becoming a prerequisite in the industry. However, KVM has not been able to support it due to its complexity and intrusiveness.
We published a VSM proof of concept implementation alongside our upstreaming plan in the KVM forum 2023. It generated a healthy amount of interest in the project. We plan on publishing a first patch series before LPC, and believe the KVM MC and its key attendees make it a good venue to provide an update on the project and to discuss any contentious topics in person.
Additionally, VSM introduces concepts that might overlap with other discussions held at the KVM MC, like multiple execution contexts per-vCPU and dynamic permission updates of IOMMU and MMU page tables.