Conveners
Confidential Computing MC
- Joerg Roedel (AMD)
- Dhaval Giani
Description
The Confidential Computing microconferences of the past years have been a significant catalyst for better supporting trusted execution workloads in the Linux virtualization and general software stack. Since the last occurrence of the microconference, AMD SEV-SNP and Intel TDX support for KVM has been merged into the mainline Linux kernel, as has support for running the Linux kernel in ARM CCA environments.
But the open source software stack for confidential computing is still far from being complete. There remain many problems to be solved and functionality to enable. Some of the most important ongoing developments are:
- Support for large-page backing of confidential virtual machines (CVM).
- Privilege separation features in KVM via VM planes.
- Live migration of CVMs.
- Secure VM Service Module architecture and Linux support.
- Trusted I/O software architecture.
Further topics to discuss are:
- Possible solutions for the full CVM (remote) attestation problem.
- Linux as a CVM operating system across hypervisors.
- Performance of CVMs.
The Confidential Computing microconference of 2025 wants to bring open source developers working on these topics together into productive discussions and to collaborate on solutions for the open problems.
Key attendees:
Ashish Kalra ashish.kalra@amd.com     
Borislav Petkov bp@alien8.de      
Dan Williams    dan.j.williams@intel.com      
Daniel P. Berrangé  berrange@redhat.com
Dr. David Alan Gilbert  dgilbert@redhat.com   
David Hansen    dhansen@linux.intel.com       
David Kaplan David.Kaplan@amd.com     
David Rientjes rientjes@google.com    
Dhaval Giani dhaval.giani@amd.com     
Dionna Amalie Glaze     dionnaglaze@google.com
Elena Reshetova     elena.reshetova@intel.com     
James Bottomley     James.Bottomley@HansenPartnership.com
Joerg Roedel joro@8bytes.org
Kirill A. Shutemov  kirill.shutemov@linux.intel.com       
Michael Roth michael.roth@amd.com     
Mike Rapoport rppt@kernel.org     
Paolo Bonzini pbonzini@redhat.com
Peter Fang peter.fang@intel.com
Peter Gonda pgonda@google.com     
Sean Christopherson     seanjc@google.com
Stefano Garzarella  sgarzare@redhat.com
Tom Lendacky thomas.lendacky@amd.com
The open-source community is hard at work on building the framework
and mechanisms allowing the assignment of devices to a trusted virtual
machine (TVM), a process commonly known as device assignment (DA).
For the TVM to trust a device, the device must provide the TVM with
Evidence claims [[RFC9334]][1] confirming its identity, the state of its firmware and
its configuration.  Since...
This presentation is to revive last [year's discussion][1] on PCIe device attestation. The first thing to understand is whether last year's consensus to use netlink sockets to convey device attestation information to user space still holds. The second thing to review is the device attestation workflow itself. Given the difference between the CMA and PCI/TSM scenarios, it may be better to build...
Summary
This talk is a follow-up of LPC'24, where the community had diverse opinions on the suitable approach of attested TLS protocols for confidential computing. Meanwhile, we have defended our position (cf. [expat BoF][1]) to standardize the protocol in the [IETF][2], and a new Working Group named [Secure Evidence and Attestation Layer (SEAL)][3] is being formed to exclusively tackle...
TDISP, designed to allow a confidential VM to establish a trust relationship with a PCI device, creates new headaches for the Linux PCI stack and for virtualization components:
- Evaluating whether a device is trustworthy.
- Establishing trust with the device.
- And in particular, re-establishing trust across a VM migration to a different physical device, without workload...
The Secure VM Service Module (SVSM) for Confidential VMs can expose multiple services and virtual devices to the Linux guest. To manage these, we need a proper bus in the kernel for discovery and enumeration.
So, what is the right architectural choice for this bus? Should we write a new, minimalist bus from scratch? Or should we adapt the standardized VIRTIO framework for its broad...
