Emulation of Confidential Computing Hardware: AMD SEV-SNP / Intel TDX

Supervisor(s): Joana Pecholt, Simon Ott
Status: open
Topic: Others
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Master’s thesis in cooperation with Fraunhofer AISEC

Confidential Computing technologies are a promising tool for cloud computing. They aim to protect data while it is being processed in the cloud by preventing the cloud provider and platform owner from gaining access to it. AMD SEV-SNP and Intel TDX in particular do this by providing confidential virtual machines: the memory of these VMs remains confidential and integrity-protected at all times, and both technologies provide remote attestation mechanisms so that a relying party can verify the VM's state. Extensive work has analyzed, broken and improved upon these technologies. Especially for proof-of-concept implementations, however, creating, testing and verifying code requires specific server hardware that is not readily available to everyone.

This thesis aims to design and implement emulators for either AMD SEV-SNP or Intel TDX.

Task Description
In this thesis, the focus lies on providing AMD SEV-SNP or Intel TDX remote attestation mechanisms to a VM hosted on conventional hardware. For this, the student researches and evaluates the components required to emulate these mechanisms. The student then creates a design and a proof-of-concept implementation that provides the corresponding remote attestation mechanism to the guest VM, e.g., by modifying and extending the virtual machine manager (VMM) QEMU. If possible, the guest VM and the host kernel shall remain unchanged.

Requirements
• High motivation and ability to work independently
• Good understanding of virtualization concepts
• Experience with QEMU / KVM and Linux kernels

Contact
Please send your application with current CV and transcript of records to:

Joana Pecholt
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Secure Operating Systems
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: joana.pecholt@aisec.fraunhofer.de

Simon Ott
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Secure Operating Systems
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: simon.ott@aisec.fraunhofer.de

Publication Date: 11.06.2024