Secure Interrupt Delivery - Lessons Learned from Alternate Injection Enablement
Linux Plumbers Conference via YouTube
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the technical implementation and challenges of securing interrupt delivery in SEV-SNP virtual machines through this 17-minute conference talk from the Linux Plumbers Conference. Discover how the SEV-SNP Alternate Injection feature leverages a Secure VM Service Module (SVSM) and APIC emulation to protect guests against malicious injection attacks. Learn about the comprehensive enablement process across multiple components including KVM, SVSM, OVMF, and the guest kernel, with detailed insights into bypassing KVM APIC emulation using doorbell pages and managing complex VMPL switches during interrupt delivery to VMPL2 through Restricted Injection. Gain understanding of the Restricted Injection handler architecture, APIC emulation within the SVSM, and the intricate interactions between SVSM, KVM, OVMF, and guest kernels. Additionally, examine a practical trace tool developed during the enablement work that combines KVM and guest code traces for enhanced debugging capabilities.
Syllabus
Secure Interrupt delivery: Lessons Learned from Alternate Injection Enablement - Melody Wang (AMD)
Taught by
Linux Plumbers Conference