Secure IO for Virtualization-Based Trusted Execution Environment
Wu Hao, 2024/03

Agenda
- Background
- Secure IO introduction
- Linux upstream update

Background
- Trusted Execution Environment (TEE) VM, e.g. Intel Trust Domain Extensions (TDX)
- Current direct IO model limitations:
  - IO data needs to be bounced to a shared staging buffer
  - Additional software-based cryptographic techniques are required for data protection
[Figure: current direct IO vs. Secure IO. Labels: VMM, TVM, Trust Compute Boundary, IO Data, Device, Shared Memory, Encrypt & Copy-out, Decrypt & Copy-in, DMA (w/ encryption/decryption); in the Secure IO case the device sits within the TVM's trust compute boundary]

Secure IO
- Accept a trusted device into the TVM's TCB
- Device attestation
- Device DMA to private memory
- Private device MMIO access
- DMA/MMIO access control and isolation
- Physical data link protection
- New industry standards define the software and hardware extensions needed to support Secure IO: PCIe* TEE Device Interface Security Protocol (TDISP)

PCI-SIG standards of the Secure IO (TEE-IO) architecture
- TEE Device Interface Security Protocol (TDISP) requires:
  - Device attestation (SPDM, CMA)
  - Establishing a trusted channel between TSM and DSM (SPDM)
  - Securing the interconnect between the host and device (IDE)
  - Securely attaching/detaching TDIs to a TVM (TDISP state machine)
  - Trusted MMIO/DMA support and access control
[Figure: TDISP Host/Device Reference Architecture. From: PCIe* TDISP spec]

Secure IO: TDISP state machine
- UNLOCK: allow untrusted MMIO/DMA
- LOCKED: prevent untrusted MMIO/DMA
- RUN: allow trusted MMIO/DMA
- ERROR: stopped due to error
[Figure: TDISP state machine. From: PCIe* TDISP spec]

Secure IO high level architecture (draft)
- Based on the existing direct IO framework (VFIO)
- New TSM driver to manage Secure IO life cycles / the TDI state machine
- Common TSM code/ABIs vs. arch-specific implementation
- Enlighten the guest OS to manage the attached TDI
- GHCx Guest/Host Communicat
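The following C model is an added illustration of the four TDI states listed on the state machine slide (UNLOCK, LOCKED, RUN, ERROR) and of the MMIO/DMA access policy each state implies; it is not code from the slides, the PCIe TDISP specification, or the Linux TSM driver. The event names (lock, start, stop, fault), the rule that an interface may only be started once attestation has succeeded, and the `attested` flag standing in for the SPDM/CMA attestation outcome are this example's simplifications. The check in `tdi_access_allowed` is the part a defender cares about: a TDI that is not in RUN must never be granted trusted DMA or MMIO, and a TDI that has left UNLOCK must never again accept untrusted traffic.

```c
#include <stdbool.h>
#include <stdio.h>

/* The four TDI states named on the slide. */
enum tdi_state { TDI_UNLOCK, TDI_LOCKED, TDI_RUN, TDI_ERROR };

/* Events driven by the TSM; names are this example's, not spec message names. */
enum tdi_event { TDI_EV_LOCK, TDI_EV_START, TDI_EV_STOP, TDI_EV_FAULT };

/* Whether a MMIO/DMA request comes from the trusted (TVM) or untrusted side. */
enum access_kind { ACCESS_UNTRUSTED, ACCESS_TRUSTED };

struct tdi {
    enum tdi_state state;
    bool attested;   /* stands in for a successful device attestation (assumption) */
};

static const char *tdi_state_name(enum tdi_state s)
{
    static const char *names[] = { "UNLOCK", "LOCKED", "RUN", "ERROR" };
    return names[s];
}

void tdi_init(struct tdi *t)
{
    t->state = TDI_UNLOCK;
    t->attested = false;
}

/* Access policy per state, taken from the slide:
 * UNLOCK allows only untrusted access, RUN allows only trusted access,
 * LOCKED (untrusted blocked, trusted not yet started) and ERROR allow nothing. */
bool tdi_access_allowed(const struct tdi *t, enum access_kind kind)
{
    switch (t->state) {
    case TDI_UNLOCK: return kind == ACCESS_UNTRUSTED;
    case TDI_RUN:    return kind == ACCESS_TRUSTED;
    case TDI_LOCKED:
    case TDI_ERROR:  return false;
    }
    return false;
}

/* Apply an event. Returns 0 on a legal transition, -1 (state unchanged) otherwise.
 * A fault always lands in ERROR; a stop always returns to UNLOCK and discards the
 * attestation result, so the device must be re-attested before the next attach. */
int tdi_handle_event(struct tdi *t, enum tdi_event ev)
{
    switch (ev) {
    case TDI_EV_FAULT:
        t->state = TDI_ERROR;
        return 0;
    case TDI_EV_STOP:
        t->state = TDI_UNLOCK;
        t->attested = false;
        return 0;
    case TDI_EV_LOCK:
        if (t->state != TDI_UNLOCK) return -1;
        t->state = TDI_LOCKED;
        return 0;
    case TDI_EV_START:
        /* Only a locked, attested interface may move to RUN. */
        if (t->state != TDI_LOCKED || !t->attested) return -1;
        t->state = TDI_RUN;
        return 0;
    }
    return -1;
}

/* Walks one attach/fault/detach life cycle and counts the policy checks that
 * come out as expected; a correct model returns 8. */
int tdi_demo_lifecycle(void)
{
    struct tdi t;
    int ok = 0;

    tdi_init(&t);
    ok += tdi_access_allowed(&t, ACCESS_UNTRUSTED);     /* UNLOCK: untrusted OK */
    ok += !tdi_access_allowed(&t, ACCESS_TRUSTED);      /* UNLOCK: no trusted access */
    ok += tdi_handle_event(&t, TDI_EV_START) == -1;     /* cannot start before lock */
    tdi_handle_event(&t, TDI_EV_LOCK);
    ok += !tdi_access_allowed(&t, ACCESS_UNTRUSTED);    /* LOCKED blocks untrusted */
    ok += tdi_handle_event(&t, TDI_EV_START) == -1;     /* not attested yet */
    t.attested = true;                                   /* constructed attestation result */
    tdi_handle_event(&t, TDI_EV_START);
    ok += t.state == TDI_RUN && tdi_access_allowed(&t, ACCESS_TRUSTED);
    tdi_handle_event(&t, TDI_EV_FAULT);
    ok += t.state == TDI_ERROR && !tdi_access_allowed(&t, ACCESS_TRUSTED);
    tdi_handle_event(&t, TDI_EV_STOP);
    ok += t.state == TDI_UNLOCK;
    return ok;
}

int main(void)
{
    struct tdi t;
    tdi_init(&t);
    tdi_handle_event(&t, TDI_EV_LOCK);
    printf("after lock: %s\n", tdi_state_name(t.state));
    printf("lifecycle checks passed: %d/8\n", tdi_demo_lifecycle());
    return 0;
}
```

The model deliberately routes every fault to ERROR and every stop back to UNLOCK with the attestation result cleared; this mirrors the slide's point that attach and detach are mediated by the TSM, and it means a device that glitched or was detached cannot silently re-enter RUN without passing through attestation again.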