Post Syndicated from original https://lwn.net/Articles/838488/rss

As an ever-growing number of workloads are being moved to the cloud, CPU
vendors have begun to roll out purpose-built hardware features to isolate
virtual machines (VMs) from potentially hostile parties. These processor
features, and their extensions, enable the notion of “secure VMs” (or
“confidential VMs”) — where a VM’s “sensitive state” needs to be protected
from untrusted entities. Drawing from his experience
contributing to the secure VM implementation for the s390 architecture, Janosch Frank described
the challenges involved in a talk at the 2020 (virtual) KVM
Forum. Though the implementations across CPU vendors may vary, there are
many shared problems, which opens up possibilities for collaboration.