Description
Hosting services and data in cloud environments instead of on self-owned hardware has
become increasingly popular. However, using a cloud environment means that
sensitive data is no longer in the hands of its owner and therefore has to be protected.
Confidential Computing technologies such as AMD Secure Encrypted Virtualization (SEV)
and Intel Trust Domain Extensions (Intel TDX) address this need and protect the data
in use inside Virtual Machines (VMs). The AMD SEV Secure Nested Paging (SEV-SNP)
technology furthermore supports Virtual Machine Privilege Levels (VMPLs),
which provide hardware-based isolation inside the VM. When SEV-SNP is used, a virtual
machine is currently booted with the Unified Extensible Firmware Interface (UEFI)
firmware Open Virtual Machine Firmware (OVMF).
Unfortunately, OVMF is quite extensive: it offers a wide range of features that are
unnecessary for this purpose and consists of many lines of code. Since large software tends to have more
bugs and presents a larger attack surface, its use contradicts the security needs that
Confidential Computing addresses. Smaller firmware that can boot a virtual machine
on x86 does exist, but it does not support SEV-SNP. One such firmware
is qboot.
This thesis presents the adaptations necessary to enable qboot to boot SEV VMs.
We analyze each technology, AMD SEV, AMD SEV Encrypted State (SEV-ES), and
AMD SEV-SNP including the VMPL feature, and determine which changes must be
made to successfully start a VM using these technologies. We describe these
changes in detail, dividing them into those that are necessary and those that are optional for different use cases.
Furthermore, we implement several of these changes, working towards booting an
SEV-SNP VM with VMPL support using qboot.
We evaluate our design by comparing the size of the firmware images and the
features provided by qboot and OVMF; this comparison is valid because our design does not change the image size of
qboot. We see that the firmware image of qboot is significantly smaller than the OVMF
image. Furthermore, we identify several features contained in OVMF but not in qboot.
Since our design does not add unnecessary features to qboot, this shows that we can
reduce the boot overhead of virtual machines with support for SEV-SNP and VMPLs.