Tyler Fanelli
With legacy SEV largely being replaced by SEV-SNP, is it worthwhile to remove the `libkrun-sev` (containing both SEV and SEV-SNP modules) in favor of strictly `libkrun-snp`? This is motivated by...
Currently, the KBS protocol offers a standard interface for clients to attest their TEEs. Multiple implementations of a KBS server could be created, but as long as the protocol is...
With the latest `libkrunfw`, the `chroot_vm` example (instructions shown in README) fails with a `Segmentation fault`.
In libkrun-sev, we package a custom qboot, kernel, and init. To support upstream kernels with TEEs, we require more firmware support. Investigate the use of [rust-hypervisor-firmware](https://github.com/cloud-hypervisor/rust-hypervisor-firmware) as libkrun's firmware.
Each client attesting with the KBS has a session that tracks the "attestation state" of that client (authenticated or attested). Currently, the sessions are managed by the `AttestationService` struct (found...
TEEs are most likely found in security-sensitive environments where applications are deployed on untrusted systems such as the cloud or edge. In addition to TEE protections, some users in these...
# verify/evidence: Add claims to JSON response ## Type of Change *(Select all that apply)* - [ ] Bug fix (non-breaking change) - [ ] New feature (non-breaking change) -...
We were recently exploring this for firmware in the [libkrun](https://github.com/containers/libkrun) hypervisor. One question we have is the prospect of TEE support (SEV-SNP, TDX). Is there a roadmap for support?