Hans-Jörg Höxer
Hans-Jörg Höxer is employed at genua, a german firewall manufacturer, who is using OpenBSD as a secure and stable base for its products.
Session
Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.
AMDs Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from an non-trusted host hypervisor
and operating system. These feature sets include memory encryption,
encryption of guest state including CPU registers and an attestation
framework.
In this talk we will explore some of the AMD SEV feature sets. We will
describe how to use them to run OpenBSD as both
- a confidential guest VM and
- a host hypervisor providing a confidential execution environment.
Topics covered are CPU feature detection, low level kernel initialization,
memory management, virtio(4) device drivers and the virtual machine
daemon vmd(8).