Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the integration of ARM's Confidential Computing Architecture (CCA) with libkrun, a lightweight virtual machine monitor written in Rust, in this 19-minute conference talk from KVM Forum. Learn how libkrun, commonly used in contexts like Podman for secure workload execution in micro-VMs, is being enhanced to support ARM's confidential computing capabilities. Discover how confidential computing provides strong isolation between guest and host systems by encrypting memory and CPU state, preventing hosts from inspecting or modifying sensitive data. Understand how CCA extends this security model to ARM environments alongside AMD SEV-SNP and Intel TDX, implementing memory encryption, access violation exception handling, and attestation mechanisms that allow guests to verify their trusted execution environment. Follow the development process built on ARM's FVP simulator for rapid testing and iteration, examine the design and integration with virtee/cca, and see demonstrations of libkrun launching confidential ARM guests. Gain insights into the current state of guest-side CCA support that has been upstreamed, the ongoing kernel support (KVM) review process, and understand the remaining work needed, particularly in attestation mechanisms, along with future development directions for this confidential computing implementation.
