Updates on Coconut SVSM Secure Services and Statef - Common Knowledge Scout

# Coconut SVSM Secure Services for Confidential VMs > [! note]- > The content of this page is generated by audio/video transcription and text transformation from the content and links of this source. Source: [https://fosdem.org/2025/schedule/event/fosdem-2025-5412-updates-on-coconut-svsm-secure-services-and-stateful-devices-for-confidential-virtual-machines/](https://fosdem.org/2025/schedule/event/fosdem-2025-5412-updates-on-coconut-svsm-secure-services-and-stateful-devices-for-confidential-virtual-machines/) <video src="https://video.fosdem.org/2025/k4401/fosdem-2025-5412-updates-on-coconut-svsm-secure-services-and-stateful-devices-for-confidential-virtual-machines.av1.webm" controls></video> ## Summary & Highlights: Coconut SVSM is a project focused on providing secure services and stateful devices for Confidential Virtual Machines (CVMs). It aims to enhance security by removing the need to trust the hypervisor or cloud provider, relying instead on hardware for confidentiality. Coconut SVSM is developing a Secure VM Service Module (SVSM) to emulate devices like the virtual Trusted Platform Module (vTPM). The project is expanding to support multiple platforms, including AMD SEV-SNP and Intel TDX. **Coconut SVSM Overview** Coconut SVSM is designed to provide secure services and trusted device emulation for CVMs. Initially focused on AMD SEV-SNP, it is evolving to support Intel TDX. The project aims to create a multi-platform solution that enhances confidentiality by reducing reliance on the hypervisor and cloud provider. **Technical Challenges and Solutions** Key challenges include emulating a stateful vTPM and enabling UEFI variable storage. The project involves storing encrypted state on an untrusted host and using early boot-time attestation to decrypt and validate the state. This process raises technical challenges, such as secure storage and attestation protocols. **Future Developments and Opportunities** Coconut SVSM is working on providing persistent state for vTPM and supporting UEFI variable storage. Future developments include implementing secure persistent storage and supporting additional hypervisors. The project is also focusing on upstreaming drivers and patches to other projects. **Eco-Social Impact** Coconut SVSM contributes to eco-social transformation by enhancing security and privacy in virtualized environments. It supports open-source development and collaboration, promoting sustainable and ethical computing practices. ## Importance for an eco-social transformation Coconut SVSM plays a significant role in eco-social transformation by enhancing security and privacy in virtualized environments. This project supports sustainable development by promoting open-source collaboration and reducing reliance on proprietary solutions. For eco-social designers, Coconut SVSM offers tools and methods to create secure and ethical computing environments. Challenges include overcoming technical hurdles related to secure storage and attestation protocols, as well as addressing social and political concerns about data privacy and security. ## Slides: | | | | --- | --- | | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_001.jpg\|300]] | The first slide introduces the FOSDEM 2025 session on Coconut SVSM, highlighting its focus on secure services and stateful devices for confidential virtual machines. The speakers, Stefano Garzarella and Oliver Steffen, are introduced, with their affiliations to Red Hat provided. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_002.jpg\|300]] | This slide discusses the challenges of confidential virtualization, where the hardware is trusted but the host OS or cloud provider is not. It introduces the Secure VM Service Module (SVSM) as a solution for providing secure services and devices to confidential guests, highlighting its usefulness for emulating a virtual TPM, UEFI variable storage, and more. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_003.jpg\|300]] | The slide outlines the Coconut SVSM project, which supports AMD SEV-SNP and is working on Intel TDX support. It is written in Rust and is part of the Confidential Computing Consortium. The project provides a virtual TPM to the guest and plans to support additional modes and hypervisors. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_004.jpg\|300]] | This slide details the current state of Coconut on AMD SEV-SNP. Coconut is packaged as an IGVM file, defining the initial VM state and enabling remote attestation. SVSM runs at a high privilege level, launching OVMF and Linux OS at a lower level, with support for SNP-SVSM. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_005.jpg\|300]] | The slide describes Coconut SVSM's provision of an ephemeral vTPM, which lacks secure storage. It discusses the challenges of implementing secure UEFI variable storage and the open questions about unlocking the root disk and performing remote attestation. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_006.jpg\|300]] | This slide highlights Coconut's virtual TPM, which uses the TCG reference implementation and is stateless, with its endorsement key regenerated at boot. It emphasizes the TPM's usefulness for measured boot and the need for enlightened drivers. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_007.jpg\|300]] | The roadmap slide outlines plans for a development release, user mode implementation, x2APIC support, and Paravisor mode. It also mentions efforts to upstream drivers and add secure persistent storage for vTPM state. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_008.jpg\|300]] | The slide introduces the concept of SVSM state persistence, focusing on early attestation to unlock persistent state for services like vTPM and UEFI variable storage. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_009.jpg\|300]] | This slide discusses the need for stateful services in SVSM, including vTPM and UEFI variable storage. It proposes adding a storage driver to SVSM, with encryption to protect the state from the untrusted host. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_010.jpg\|300]] | The slide explains early attestation in SVSM, where encrypted state is unlocked after successful remote attestation. It outlines the challenges of lacking a network stack and supporting multiple attestation protocols. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_011.jpg\|300]] | This slide describes the attestation proxy, a host application forwarding requests from SVSM to a remote server. It highlights the pros and cons, including the lack of a network stack in SVSM and the need for host network connectivity. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_012.jpg\|300]] | The slide presents the attestation bridge, a guest application for remote attestation. It discusses the pros and cons, such as self-containment in guest firmware and the complexity of network setup. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_013.jpg\|300]] | This slide addresses potential rollback and clone attacks on SVSM's persistent state. It suggests mitigation strategies like boot counters and limiting successful attestations per boot. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_014.jpg\|300]] | The slide provides an overview of the boot process, where SVSM boots from an IGVM file and connects to an attestation server using a proxy or bridge. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_015.jpg\|300]] | This slide continues the boot process, detailing how SVSM unlocks state storage and initializes services like vTPM and UEFI variable storage after receiving a key from the attestation server. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_016.jpg\|300]] | The slide describes how SVSM initializes vTPM and UEFI variable services, continues the boot process, and launches OVMF, which then launches the OS using secure boot and measured boot. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_017.jpg\|300]] | This slide explains how OVMF launches the OS using secure boot and measured boot, with the OS unlocking the full disk encryption via TPM's PCR policy. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_018.jpg\|300]] | The slide summarizes the complete boot process, highlighting how the OS uses the TPM to unlock encrypted storage and continues the boot process. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_019.jpg\|300]] | This slide provides information on trying SVSM with Fedora, including a demo link and a COPR repository for necessary packages and patches. | ![[FOSDEM 2025/assets/Updates-on-Coconut-SVSM-Secure-Services-and-Statef/preview_020.jpg\|300]] | The final slide thanks the audience and provides contact information for the speakers, along with links to Red Hat's social media and video platforms. ## Links [Coconut SVSM on GitHub](https://github.com/coconut-svsm/svsm) [TCG Virtualized Platform Working Group](https://trustedcomputinggroup.org/work-groups/virtualized-platform/) [HPE Proposal](https://mail.8bytes.org/pipermail/svsm-devel/2025-January/000442.html) [Demo on GitHub](https://github.com/stefano-garzarella/snp-svsm-vtpm) [COPR repo for Fedora](https://copr.fedorainfracloud.org/coprs/g/virtmaint-sig/sev-snp-coconut/) [Red Hat's SVSM page](https://red.ht/svsm)