@npmccallum so if I were to boot a full VM in SEV, would the memory be encrypted/decrypted at the level of the VM? Is this something which is already supported by cloud providers?
@jmstoller_gitlab Yes. No.
@npmccallum so you would have to purchase a computer and set it up yourself? Is Red Hat close to releasing an online VM that will support this?
@jmstoller_gitlab Today you can get SEV-enabled hardware from various clouds. But Enarx has the only SEV-attestation code in the world (to my knowledge). This is required to turn on encryption. The virtualization stacks are currently looking at implementing this, but nobody supports it yet.
So the problem is fundamentally a software problem.
Enarx is likely to be first to market, because even if the VM hypervisor supports turning on SEV and attesting it, you can't yet pass keys through the guest BIOS, EFI, bootloader and kernel.
The required support is roughly:
Host VMM (hypervisor)
Cloud Management Software
Tenant Deployment Software
Ok, thanks for the explanation @npmccallum!
Today we have (1) and (2). Enarx has working but not yet merged (3) and (7) [in Enarx architecture, 4-6 aren't needed]. We also plan to build (8) and (9).
That removes a significant blocker for Enarx on aarch64 :-)
In addition, Redox's aarch64 port has been updated by Robin R over here, which means there's a minimally booting aarch64 kernel. There's also work on the recursive paging approach used here (Robin would like to use linear paging if possible)
Almost to 100 stars on the repo!
@connorkuehl We crossed 50 stars only a few weeks ago!
kpouget on Freenode \join #enarx
kpouget on Freenode Hello, I'd like to join the Enarx call tomorrow, is 14:00-14:30 GMT the correct time?
Hi kpouget! Yes, that's correct
kpouget on Freenode Connor Kuehl (Gitter), thanks, with the "EST" indication I wasn't sure!
Hello folks! I discovered the Enarx presentation series at the Red Hat Summit and the project has piqued my interest. I'm interested in the possibility of contributing to the docs. I'd be glad to further explore the possibility with the group whenever someone is available.
Welcome @m-dombrowski, we're very happy to have your contributions.
I'll also invite you to join our daily standups, which are open to the public and a great way to meet members of the team. Tomorrow at 10AM EST (14:00 GMT), the link is on our wiki
Thanks for the greetings and invites. I'll continue to read up on the wiki per your links. I'll probably not make the meeting tomorrow at the scheduled time but will make an effort to do so in the future.
Thanks, @m-dombrowski. The meetings are short and happen at the same time each weekday, if that helps. You're also welcome to continue chatting here.
@m-dombrowski Glad to have you here! Hook up with @axelsimon. I'm sure he can get you started.
won't be able to make the daily meeting, will be joining the Red Hat internal community central event on licences, a refresher will be useful…
A quick report:
The TEE vuln/attack page meeting we were supposed to have today had to be postponed to later this week, however @m-dombrowski has already started offering useful suggestions for that page and beyond that the documentation as a whole, so that's very cool.
moving enarx.io to the LF (CCC): trying to figure out how to fit our requests with LF's model. A few questions there, I'll ask them in the correct issue (enarx/enarx#437)