Upcoming EuroBSDCon OpenBSD talk
Confidential Computing with OpenBSD by Hans-Jörg Höxer
Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.
AMD's Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from a non-trusted host hypervisor
and operating system. These feature sets include memory encryption,
encryption of guest state including CPU registers and an attestation
framework.
In this talk we will explore some of the AMD SEV feature sets. We will
describe how to use them to run OpenBSD as both
- a confidential guest VM and
- a host hypervisor providing a confidential execution environment.
Topics covered are CPU feature detection, low-level kernel initialization,
memory management, virtio(4) device drivers and the virtual machine
daemon vmd(8).
https://events.eurobsdcon.org/2024/speaker/ZZNGCU/
Tickets are still available and this talk will be streamed and recorded for later release.