Confidential computing

Deploying a sensitive workload in a cloud has traditionally required complete trust in whoever operates the infrastructure (for example, the cloud provider), because the owner or administrator of the machine or hypervisor that hosts a workload has full control over it.

A hypervisor not only defines a virtual machine's configuration and decides when it starts and stops; it also has full access to all of the virtual machine's memory, so it can observe and even manipulate the guest's computation and data. To address this problem, some hardware vendors have implemented trusted execution environments (TEEs). TEEs enable confidential computing, in which a virtual machine runs as a black box whose state can be neither inspected nor accessed by the hypervisor or by hardware management consoles.

IBM Secure Execution for Linux (SEL) is the confidential computing solution that runs secure KVM guests on LinuxONE [1,2]. Unlike other confidential computing solutions, it supports boot images that the image owner fully encrypts and measures before deployment. Because the image is encrypted, its owner can embed secrets such as dm-crypt or SSH keys directly in it, so no secret has to be provisioned to the running guest over a channel the hypervisor could observe; this keeps the attack surface of a secure guest small. It also means that a Secure Execution image can be started without any interaction with the image owner.
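A guest that embeds secrets in its image should refuse to unlock them if it is not actually running as a secure guest, for instance because an operator booted the same image on an ordinary VM. The following shell snippet is an added example, not code from IBM or from the s390-tools project. It reads /sys/firmware/uv/prot_virt_guest, the interface the s390x Linux kernel exposes for this purpose (1 in a Secure Execution guest, 0 otherwise, absent where there is no ultravisor interface at all). The optional sysfs-root argument is an assumption of this example only, so that the function can be exercised against a constructed directory on a non-s390x machine.

```shell
#!/bin/sh
# Added example: classify the guest's protection state from the
# ultravisor sysfs interface. The path under /sys/firmware/uv is the
# kernel's real interface; the ROOT parameter is a demo convenience.
se_guest_state() {
    root="${1:-/sys}"
    flag="$root/firmware/uv/prot_virt_guest"
    if [ ! -r "$flag" ]; then
        # Not s390x, a kernel without ultravisor support, or a machine
        # that does not offer protected virtualization at all.
        echo "no-uv-interface"
        return 0
    fi
    case "$(cat "$flag" 2>/dev/null | tr -d '[:space:]')" in
        1) echo "secure-guest" ;;
        0) echo "ordinary-guest" ;;
        *) echo "unknown" ;;
    esac
}

# Exit status 0 only in a Secure Execution guest; intended for init
# scripts that must not unlock embedded secrets on an ordinary VM.
require_secure_guest() {
    [ "$(se_guest_state "$1")" = "secure-guest" ]
}

# Constructed sysfs tree (not a real machine) for offline demonstration.
demo_root="$(mktemp -d)"
mkdir -p "$demo_root/firmware/uv"
printf '1\n' > "$demo_root/firmware/uv/prot_virt_guest"
echo "constructed tree: $(se_guest_state "$demo_root")"
echo "this machine:     $(se_guest_state)"
rm -rf "$demo_root"
```

This is a guest-local sanity check: it tells the guest's own scripts whether the kernel reports protected mode, which is enough to gate the use of secrets already inside the image. It is not evidence a remote party can rely on; proving to an outside verifier that a guest is a secure guest is a separate attestation step.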

With LinuxONE 5, IBM Secure Execution for Linux is extended to support vendors of generic Secure Execution images: a tenant can boot a secure guest from the vendor's generic image and then personalize it by securely inserting the tenant's own secrets into the secure guest.