Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) run in environments isolated from the host, users still face challenges in keeping control over the integrity of the code running inside the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing arbitrary code, so user applications within TEEs are vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework that leverages virtual machine privilege levels (VMPL), a recent hardware feature available on AMD SEV-SNP, to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX treats the guest OS as untrusted, since it may load potentially malicious code, and ensures that only trusted, measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.33\times$ -- $1.54\times$ higher than those of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation- and memory-intensive workloads and below 15.68% for I/O-intensive workloads.