ETD

• confidential computing
• CVM
• Linux
• Rust
• SVSM
• TLS
• virtual machines

This thesis aims to improve the Secure VM Service Module (SVSM) ecosystem in the field of confidential computing. Specifically, it focuses on the open-source COCONUT-SVSM project, implemented in Rust.

The main goal is to design and implement a secure communication channel, between the privileged module inside the confidential virtual machine and an external system, without compromising the security of the trusted environment. This new channel is the base layer for a new management service mechanism, which offers similar services to those provided by a hardware baseboard management controller, but with a software approach.

Additionally, this work builds the foundations for migrating SVSM services into userspace by introducing a new testing framework and a dynamic memory allocator.