logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

AMD SEV-SNP Attestation: Establishing Trust in Guests

Conference:  Linux Security Summit Europe 2022
Authors: Jeremy Powell
2022-09-15

tldr - powered by Generative AI

The presentation discusses attestation in a confidential computing environment and the threats around misconfiguring the platform and guest on its launch. It covers platform measurements, guest measurements, authenticity of attestation reports, and connecting the dots between different components.
  • Attestation is necessary to delegate security decisions to a remote relying party
  • The trusted computing base for a guest running an SP starts at the hardware root of trust
  • The TCB version is reported in the attestation report for the identity of the mutable firmware
  • Guest measurements include image, metadata, and runtime environment
  • Authenticity of attestation reports can be determined by comparing the report ID of the migration agent
  • Connecting the dots between different components involves chaining trust from a small kernel bootloader to the rest of the system
Tags:
confidential compute environment
hypervisor
VMs
AMD SEV
attestation report