
COCONUT-SVSM Joins the Confidential Computing Consortium



The Confidential Computing Consortium (CCC) welcomes a new project: The COCONUT Secure VM Service Module (COCONUT-SVSM), which aims to be a game-changer for secure service provision within confidential virtual machines (CVMs). This is a significant step forward for the project.

Published by SUSE in March 2023, the project has built an active developer community with contributions from major industry players, including AMD, Microsoft, IBM, Intel, Red Hat and Google. By joining the CCC, the project gains enhanced visibility and even more collaboration opportunities within the confidential computing community and is set for further community growth.

Building a Secure Foundation for Confidential VMs

COCONUT-SVSM was started by SUSE and is now hosted by the Linux Foundation (LF), known for fostering open-source collaboration. This choice reflects the project’s commitment to open development and community involvement. COCONUT-SVSM aims to become a platform that delivers essential services to CVMs. These services, which cannot be provided by the host VMM in a secure way, include:

  • Virtual TPM emulation: This provides a secure Trusted Platform Module within the CVM, enabling secure key generation and storage as well as full remote attestation of workloads.
  • UEFI variable store: This secure storage area safeguards critical configuration data for the CVM and enables secure boot on some platforms.
  • Live migration for CVMs: This feature allows for seamless movement of running CVMs across different physical hosts without compromising security.

The key advantage of COCONUT-SVSM lies in its secure execution environment. It operates within the trust boundary of the CVM, but is still isolated from the actual operating system. This isolation ensures that even if the underlying system gets compromised, the security of services offered by COCONUT-SVSM remains intact.

Benefits for SUSE and its Customers

SUSE plans to incorporate COCONUT-SVSM into a wide range of future products for virtual machine and container management. This integration will enable customers to leverage confidential computing features like:

  • Secure Remote Attestation: This allows for verifying the integrity and trustworthiness of the execution environment, a crucial requirement for running sensitive workloads and protecting data.
  • End-To-End Data Security: Customers can guarantee that their data is always encrypted and never visible to any unauthorized party during storage, transmission, and processing.

Ultimately, these features empower customers to fully protect their data even in untrusted environments. This paves the way for secure cloud deployments and confidential computing adoption across various industries.

Open Governance and Continued Growth

The COCONUT-SVSM project fosters open collaboration. SUSE’s Jörg Rödel, as the founding developer, is the current lead maintainer. In the future, a broader project leadership will be established by a Technical Steering Committee (TSC) consisting of at least 3 lead people to ensure diverse perspectives guide the project’s direction.

The project community collaborates via its GitHub organization, a mailing list and in weekly community meetings. There the project’s future, current challenges, and contributions from a broad developer base are discussed.

Every developer passionate about confidential computing and secure service provisioning is invited to start contributing to COCONUT-SVSM and support the continued growth of the project.

The Meaning Behind the Name

The name COCONUT is a play on the term “CoCo,” a common abbreviation for confidential computing. The “coconut” metaphor reflects the project’s focus on robust security, symbolizing a hard-to-crack shell protecting the integrity of sensitive data.

By joining the Confidential Computing Consortium, COCONUT-SVSM is set to make significant contributions to the field of confidential computing. We at SUSE are excited to see the project flourish within the CCC and invite all those interested in secure virtualization technology to join the thriving COCONUT-SVSM community. Together, we can bring confidential computing and end-to-end data protection forward for a wide range of industries and applications.
