[$] Challenges in protecting virtual machines from untrusted entities

As an ever-growing number of workloads are being moved to the cloud, CPUvendors have begun to roll out purpose-built hardware features to isolatevirtual machines (VMs) from potentially hostile parties. These processorfeatures, and their extensions, enable the notion of "secure VMs" (or"confidential VMs") - where a VM's "sensitive state" needs to be protectedfrom untrusted entities. Drawing from his experience contributing to the secure VM implementation for the s390 architecture, Janosch Frank describedthe challenges involved in a talk at the 2020 (virtual) KVMForum. Though the implementations across CPU vendors may vary, there aremany shared problems, which opens up possibilities for collaboration.