Encrypted Virtual Machine Images for Confidential Computing
Abstract
KVM/QEMU has had the concept of encrypted qcow2 images for a while. Unfortunately, the decryption is done inside the VMM which, in the current SEV and TDX paradigms, is outside of the trust zone and thus inappropriate for Confidential Computing, because the machine owner must be privy to the image encryption key. We introduce a new encrypted image format, which is very similar to the current encrypted image format except that decryption is done inside the guest instead of in the VMM, thus making it suitable for Confidential Computing. This presentation will explain the image format, how it works both inside and outside of Confidential Computing hardware, and, for the AMD SEV hardware, how attestation, trust and secret key release work, including a demo of the feature. Getting all this to work requires patches to tianocore/OVMF, qemu and grub, which we will describe and explain (and give the current upstream status).