
Virtual Secure Boot in 2025 - The Confidential Computing Edition

KVM Forum via YouTube

Overview

This conference talk traces how secure boot support for virtual machines has evolved and why it now has to work without depending on SMM emulation. It reviews how the landscape has changed since secure boot first shipped for the x86 architecture and the q35 machine type ten years ago, and explains why the traditional SMM-based approach to protecting UEFI variables is incompatible with modern confidential computing technologies such as SEV-ES, SEV-SNP, and TDX, where the hypervisor sits outside the guest's trust boundary.

The talk also covers the limitations of the aarch64 and riscv64 platforms, where emulating a secure world remains difficult, and the implications of CONFIG_KVM_SMM becoming an optional KVM feature in order to reduce complexity. Finally, it surveys the ongoing work across several projects, including TianoCore EDK2, QEMU, and COCONUT SVSM, that aims to provide secure boot in confidential computing guests without relying on SMM emulation.

Syllabus

Virtual Secure Boot in 2025 -- The Confidential Computing Edition, by Gerd Hoffmann

Taught by

KVM Forum
