The Secure VM Service Module - An In-Guest Paravisor in Rust
by Joerg Roedel at SUSE Labs Conference 2022
Thanks to our conference sponsors, ARM and HPE, and our hosting sponsor and BigBlueButton provider, Blindside Networks.
The AMD SEV-SNP architecture introduced VM privilege levels which allow secure separation of components in guest context.They can be used to move hypervisor components from untrusted host into trusted guest context, for example, to securely emulate a TPM inside the guest. In the past months AMD and SUSE have been working on a Secure VM Service Module (SVSM) written in Rust, which runs below the guest firmware and OS to provide secure services. This talk will dive into the SEV-SNP architecture and the design and implementation of the Rust-based SVSM. Finally possible future directions of the SVSM will be discussed.