Publication
OC3 2024
Talk

News from the COCONUT-SVSM community

Abstract

The COCONUT-SVSM project was publicly announced last year at the OC3 conference and has gained a lot of traction since then. A diverse community has formed around the project, and COCONUT is on its way to becoming an official Confidential Computing Consortium project.

This session will give an overview of what happened in the COCONUT project over the last year and cover some of the most exciting developments in detail. For that, the session is divided into four parts.

In part one, Joerg Roedel from SUSE will summarize the developments of the COCONUT-SVSM project in 2023 and the current status of the project. He will also give an outlook on what is expected in the coming year.

Part two will be led by Claudio Carvalho and Gheorghe Almasi from IBM and will cover the work on using the COCONUT-SVSM to run a virtual Trusted Platform Module (vTPM). Keylime will be used to demonstrate how the SVSM vTPM can be leveraged to attest the entire lifetime of AMD SNP Confidential VMs.

In the third part, Oliver Steffen and Stefano Garzarella from Red Hat will describe an approach in which the COCONUT-SVSM carries out the remote attestation during the early boot phase. It then provides a vTPM and a UEFI variable service to the OVMF firmware and the Linux guest OS to secure the rest of the boot process. The remote attestation flow from within the COCONUT-SVSM will be demonstrated using a key broker service.

In part four, Ralph Waldenmaier from Amazon Web Services will demonstrate how to develop and run COCONUT-SVSM in Amazon EC2 on a bare metal instance. He will explain what bare metal instances are, how they work, how they differ from the existing virtualized SEV-SNP enabled instances, and why they are a great fit for COCONUT-SVSM development. Finally, he will provide the steps necessary to set up and demo a working COCONUT-SVSM environment on bare metal instances in Amazon EC2.