Attesting AMD SEV-SNP Virtual Machines with SPIRE

Resumo

SPIRE is an open-source project that enables the provisioning of verifiable identities to software components based on an attestation of the software properties, avoiding the leakage risks of pre-provisioned secrets. This paper presents an implementation of a SPIRE plugin that enables the attestation of AMD SEV-SNP confidential virtual machines. Our approach leverages the pluggable architecture from SPIRE and depends only on minor changes to QEMU, changes taken from its open-source community, and that should soon be merged. As a result, application providers can now use SPIRE to restrict sensitive credentials to be available only to services in environments protected from malicious hosts and cloud operators using AMD SEV-SNP technology. Our experiments show that the steps needed to create and attest the confidential VM do not prohibitively increase boot times (from 10.8 to 20.9 seconds) and that confidential VMs with encrypted disks only slightly degrade the CPU and RAM performance (about ) of unmodified applications.