Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the technical implementation and challenges of securing interrupt delivery in SEV-SNP virtual machines through this 17-minute conference talk from the Linux Plumbers Conference. Discover how the SEV-SNP Alternate Injection feature leverages a Secure VM Service Module (SVSM) and APIC emulation to protect guests against malicious injection attacks. Learn about the comprehensive enablement process across multiple components including KVM, SVSM, OVMF, and the guest kernel, with detailed insights into bypassing KVM APIC emulation using doorbell pages and managing complex VMPL switches during interrupt delivery to VMPL2 through Restricted Injection. Gain understanding of the Restricted Injection handler architecture, APIC emulation within the SVSM, and the intricate interactions between SVSM, KVM, OVMF, and guest kernels. Additionally, examine a practical trace tool developed during the enablement work that combines KVM and guest code traces for enhanced debugging capabilities.
