Supporting development mode for no confidential hardware environments? #570
Comments
|
#614 is a baby step into that direction. It allows booting svsm in qemu without sev. How to load the firmware and handle context switches between firmware/os and svsm is an open and non-trivial question though. |
We could have a clean handoff and use DICE for the initial attestation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I have a question as to whether SVSM, in the current form, is supporting a kind of simulation mode for no confidential hardware . (e.g., confidential container offers an option to explore its features without confidential hardware- blog article)
It might be allowing other engineers to explore and try out SVSM, without SEV-SNP hardware. As SVSM currently relies on VMPLs for isolation, such (simulation) feature would require developing SW-based isolation that mimics VMPLs but provides no security guarantees.
After a few research, it seems that SVSM doesn't have such a feature. Am I correct? If so, do you have a plan to develop it?
The text was updated successfully, but these errors were encountered: