
Rust based Shim-Firmware for confidential container

Formal Metadata

Title
Rust based Shim-Firmware for confidential container
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
In this talk, we will introduce td-shim (https://github.com/confidential-containers/td-shim). Td-shim is a lightweight Intel Trust Domain Extensions (TDX) virtual firmware (TDVF) for the simplified kernel of TD-based confidential containers (e.g. Kubernetes). In order to match the short start-up time and resource consumption overhead of bare-metal containers, runtime architectures for TD-based containers put a strong focus on minimizing boot time. They must also launch the container payload as quickly as possible. Hardware virtualization-based containers typically run on top of simplified and customized Linux kernels to minimize the overall guest boot time. As such, we introduced td-shim to replace the traditional Open Virtual Machine Firmware (OVMF) based TDVF for the container use case. Currently, the Rust-based td-shim supports multiple hypervisors, such as KVM and Cloud Hypervisor, with a smaller size and better boot performance. It provides a secure and efficient way of building cloud native infrastructure.