Re: Linux kernel SIG meeting for vwfwupdate discussion

[Ani Sinha <anisinha@redhat.com>]

Is there any interest in sending a joint proposal in the upcoming KVM Forum based on the updated, latest incarnation of the idea? We can send a proposal now (deadline is June 9th I believe) and then work on the details in the subsequent weeks. I think we should be able to solidify the specifics of the hypervisor interface. When we presented this idea last year in the KVM forum, it was quite a bit fuzzy and we did not explore the IGVM angle at depth. 
So in my opinion, it will be a much better talk this time particularly with everyone (all major hyperscalers) showing interest on this.

Thanks
Ani
 

> On 12 May 2025, at 9:51 PM, Dan Middleton <dan.middleton@linux.intel.com> wrote:
> 
> The recording is now available:
> https://www.youtube.com/watch?v=bio5BGhjui4
> 
> Additional Minutes:
> https://docs.google.com/document/d/18D820gyt2xe84Jy6dGXgrNThApoozcekDzvIlK2_bd4/edit?tab=t.0#heading=h.4qh5zyiozbow 
> 
> Really interesting discussion.
> Great that the discussion could be recruited on short notice.
> Sounds like follow-up might be over a thread here, with those not
> subscribed to linux-coco added directly.
> 
> Keep in mind that the next SIG session is available and you can not only
> show pictures there, but can gesture and point to the same things to
> clarify.. I don't understand this stage, this widget, this format.
> 
> Thanks,
> Dan
> 
> On 5/8/25 12:29 PM, Dionna Amalie Glaze wrote:
>> Thanks everyone who could attend the CCC Linux Kernel SIG meeting
>> about FUKI and specifically the firmware replacement mechanism.
>> Please +cc any participants I missed.
>> Meeting minutes:
>> * the concept from its initial version that was Qemu-specific and used
>> specially-named FwCfg files to direct CVM context reconstruction with
>> a different ROM.
>> * the viewpoint of generalizing that interface to be an IGVM-based
>> firmware loading instruction in order to reduce the interface's
>> interpretation requirements to keep focused on an emerging standard.
>> * the usefulness of "single artifact" VM template distribution, such
>> that the firmware can be disk-image specific and not need extra
>> orchestration to lead to VM construction.
>> * constraints of the different VMM providers, namely
>>    + AWS does not have access to guest resources. A disk can only be
>> read by a guest VM.
>>    + Azure doesn't have this constraint and does not want to build a
>> stage 1 VM just to tear it down to boot a stage 2 VM every cold reset.
>> It's far more preferable for the host to have the option to determine
>> if an IGVM will be requested to load, in which case it should be
>> loaded directly without VM construction.
>>    + GCP emulates Qemu devices and could implement the FUKI interface,
>> but would prefer to use mechanisms that are standardized through
>> professional bodies like the UEFI forum. Faster boots without VM
>> reconstruction are also highly desirable.
>> Jon requested for Alex to give some more design consideration into a
>> mechanism that would satisfy both AWS and Azure's constraints.
>> Alex suggested the framework of a solution: mount the guest image,
>> search the boot partition for a specially named IGVM file, and launch
>> that instead of the CSP's firmware.
>> (Dionna notes outside of the meeting that this has the danger of being
>> an unsound optimization of directly loading the disk image under the
>> CSP firmware for FUKI application to load the IGVM due to no
>> requirement that the FUKI application load that specific IGVM file)
>> I look forward to our further discussion on how to provide a more
>> trustworthy Confidential Computing experience in the Cloud for our
>> customers :)
>> On Wed, May 7, 2025 at 4:04 PM Steve Rutherford <srutherford@google.com> wrote:
>>> 
>>> Heads up, this meeting is tomorrow, May 8th at 9AM PDT (6PM CEST), if
>>> you all are available.
>>> 
>>> On Fri, Apr 11, 2025 at 1:31 AM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>>>> 
>>>> Ani Sinha <anisinha@redhat.com> writes:
>>>> 
>>>>> Adding Vitaly as well who is also involved in this project from Red Hat.
>>>>> 
>>>>> On Fri, Apr 11, 2025 at 4:46 AM Dionna Amalie Glaze
>>>>> <dionnaglaze@google.com> wrote:
>>>>>> 
>>>>>> Hi y'all, my colleague Steve Rutherford runs a monthly special
>>>>>> interest group meeting amongst Linux kernel developers under the
>>>>>> confidential computing consortium umbrella.
>>>>>> 
>>>>>> The f-UKI concept presented at FOSDEM is a very interesting idea for
>>>>>> improving customer trust in cloud confidential VMs without the need
>>>>>> for complex control plane resource management for virtual firmware
>>>>>> EEPROM.
>>>>>> 
>>>>>> Microsoft has proposed a firmware loading format called IGVM that the
>>>>>> Coconut-SVSM project has adopted, and has support in Vanadium
>>>>>> (Google's KVM-based VMM), Qemu, and OpenVMM (donated to the CCC).
>>>>>> 
>>>>>> I see Alexander from AWS in the Qemu threads for vmfwupdate, so now
>>>>>> that's at least the top 3 CSPs represented here.
>>>>>> 
>>>>>> I think for everyone in the To: tag here, we all have a vested
>>>>>> interest in improving the CVM trust story without making the
>>>>>> virtualization ecosystem even more challenging to work with. I'd like
>>>>>> to invite you all to our next meeting
>>>>>> 
>>>>>> 9am PDT May 8th: https://confidentialcomputing.io/get-involved/calendar/
>>>>>> 
>>>> 
>>>> Hi Ani, Dionna, everyone,
>>>> 
>>>> I'd be delighted to participate! May, 8th, however, is a public holiday
>>>> in some European countries including CZ where I'm based and I will be
>>>> traveling on that day so I may not be able to join. I'm, however, pretty
>>>> certain that Ani/Alex/Gerd can represent the idea very well)
>>>> 
>>>> --
>>>> Vitaly
>>>> 
>