Currently QEMU hypervisor based confidential guests on SEV-SNP, SEV-ES and TDX are not at-par with other non-confidential guests in terms of restartability. For confidential guests, once their initial state is locked-in and its private memory pages are encrypted, its state is finalized and it cannot be changed. This means, in order to restart a confidential guest, a new confidential guest context must be created in KVM and private memory pages re-encrypted with a different key. Today, this means that upon restart, the old QEMU process terminates and the only way to achieve a reset is to instantiate a new guest with a new QEMU process on these systems.
Resettable confidential guests are important for reasons beyond bringing them at par with non-confidential guests. For example, they are a key requirement for implementation of the F-UKI idea [1][2]. This talk will describe some of the challenges we have faced and our experiences in implementing SEV-SNP and TDX guest reset on QEMU. A demo will be shown that reflects the current state of progress of this work. A link for the demo video will also be shared. This will be mostly a QEMU centric presentation so we will also describe some fundamental concepts of confidential guest implementation in QEMU.
WIP patches based on which the demo will be shown are here [3]. These patches are posted in the qemu-devel mailing list for review and inclusion into QEMU [4].