Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD

Описание к видео Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD

Upcoming x86 Technologies for Malicious Hypervisor Protection - David Kaplan, AMD
Forum 1

Speakers: David Kaplan
This talk will introduce AMD SEV-SNP (Secure Nested Paging), the next generation of AMD’s x86 virtualization isolation technology. Building upon the existing AMD SEV and AMD SEV-ES features released in 2017, SEV-SNP provides additional hardware security that is designed to protect VMs from malicious hypervisors. SEV-SNP adds new memory integrity protection, new use models, and more flexibility in attestation and VM management when working with protected VMs in hostile environments.

This talk will delve into the specific security that is provided by the SEV-SNP architecture, the stronger threat model that it supports, and the new hardware structures and x86 instructions being added to implement these protections. Finally, this talk will discuss the impacts of these changes to the open source ecosystem and identify areas where Linux may desire to take advantage of these new protections.

Комментарии

Информация по комментариям в разработке