SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools

TL;DR

This paper presents open source tools for remote attestation of SEV-SNP virtual machines, enabling verification of VM integrity and confidentiality in cloud environments with minimal manual effort.

Contribution

It introduces two open source workflows for attesting SEV-SNP VMs, covering both integrity-only and encrypted root filesystem scenarios, filling a gap in existing tooling and documentation.

Findings

Tools simplify VM attestation process

Supports integrity and confidentiality verification

Applicable to AMD SEV and other TEEs

Abstract

Cloud computing is a ubiquitous solution to handle today's complex computing demands. However, it comes with data privacy concerns, as the cloud service provider has complete access to code and data running on their infrastructure. VM-based Trusted Execution Environments (TEEs) are a promising solution to solve this issue. They provide strong isolation guarantees to lock out the cloud service provider, as well as an attestation mechanism to enable the end user to verify their trustworthiness. Attesting the whole boot chain of a VM is a challenging task that requires modifications to several software components. While there are open source solutions for the individual components, the tooling and documentation for properly integrating them remains scarce. In this paper, we try to fill this gap by elaborating on two common boot workflows and providing open source tooling to perform them with low manual effort. The first workflow assumes that the VM image does only require integrity but not confidentiality, allowing for an uninterrupted boot process. The second workflow covers booting a VM with an encrypted root filesystem, requiring secure provisioning of the decryption key during early boot. While our tooling targets AMD Secure Encrypted Virtualization (SEV) VMs, the concepts also apply to other VM-based TEEs such as Intel Trusted Domain Extensions (TDX).