Cloud computing is a ubiquitous solution to handle today's complex computing demands. However, it comes with data privacy concerns, as the cloud service provider has complete access to the code and data running on its infrastructure. VM-based Trusted Execution Environments (TEEs) are a promising solution to this issue. They provide strong isolation guarantees to lock out the cloud service provider, as well as an attestation mechanism that enables the end user to verify their trustworthiness. Attesting the whole boot chain of a VM is a challenging task that requires modifications to several software components. While there are open source solutions for the individual components, the tooling and documentation for properly integrating them remain scarce. In this paper, we try to fill this gap by elaborating on two common boot workflows and providing open source tooling to perform them with low manual effort. The first workflow assumes that the VM image requires only integrity, not confidentiality, allowing for an uninterrupted boot process. The second workflow covers booting a VM with an encrypted root filesystem, which requires secure provisioning of the decryption key during early boot. While our tooling targets AMD Secure Encrypted Virtualization (SEV) VMs, the concepts also apply to other VM-based TEEs such as Intel Trusted Domain Extensions (TDX).
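The second workflow hinges on one decision: the party holding the disk key must release it only after the guest proves, via an attestation report, that it booted the expected chain. The following Python model, added here as an illustration and not part of the paper's tooling, shows that decision as a small protocol between a guest and a key broker. It is deliberately simplified: the launch measurement is modelled as a hash chain over the firmware, kernel, initrd and command line (a real SEV platform computes the digest over guest memory at launch), an HMAC under an assumed platform key stands in for the AMD-signed report, and all component bytes, keys and names (`BOOT_COMPONENTS`, `PLATFORM_KEY`, `DISK_KEY`, `KeyBroker`) are constructed for the example.

```python
"""
Simplified model of attestation-gated key release for an encrypted root
filesystem (added example, not the paper's tooling). The measurement is a
hash chain over boot components; an HMAC stands in for the hardware-signed
attestation report. All components, keys and names are constructed.
"""
import hashlib
import hmac
import os

# Constructed boot components. In a real deployment these are the firmware
# image, kernel, initrd and kernel command line loaded by the hypervisor.
BOOT_COMPONENTS = {
    "firmware": b"OVMF-constructed-bytes",
    "kernel": b"vmlinuz-constructed-bytes",
    "initrd": b"initrd-constructed-bytes",
    "cmdline": b"root=/dev/mapper/root",
}
# Constructed secrets: PLATFORM_KEY stands in for the platform's report
# signing key; DISK_KEY is the secret the broker releases on success.
PLATFORM_KEY = b"platform-key-assumed"
DISK_KEY = b"luks-passphrase-assumed"
COMPONENT_ORDER = ("firmware", "kernel", "initrd", "cmdline")


def compute_measurement(components: dict) -> bytes:
    """Model of a launch digest: SHA-384 hash chain over components in fixed order."""
    digest = b"\x00" * 48
    for name in COMPONENT_ORDER:
        digest = hashlib.sha384(digest + name.encode() + components[name]).digest()
    return digest


def build_report(components: dict, nonce: bytes, platform_key: bytes) -> dict:
    """Guest/platform side: a report binding the measurement to the verifier's nonce.
    The HMAC stands in for the platform's signature over the report."""
    measurement = compute_measurement(components)
    signature = hmac.new(platform_key, measurement + nonce, hashlib.sha384).digest()
    return {"measurement": measurement, "nonce": nonce, "signature": signature}


class KeyBroker:
    """Verifier side: releases the disk key only for a fresh, genuine, expected report."""

    def __init__(self, platform_key: bytes, disk_key: bytes, expected_measurements):
        self.platform_key = platform_key
        self.disk_key = disk_key
        self.expected = set(expected_measurements)  # allow-list of known-good boot chains
        self.outstanding = set()  # nonces issued but not yet consumed

    def new_nonce(self) -> bytes:
        """Issue a single-use challenge so a captured report cannot be replayed."""
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def release_key(self, report: dict):
        """Return DISK_KEY on success, None on any verification failure."""
        nonce = report["nonce"]
        if nonce not in self.outstanding:
            return None  # unknown or already-used nonce: replay or stale report
        self.outstanding.discard(nonce)  # consume the nonce regardless of outcome
        expected_sig = hmac.new(self.platform_key, report["measurement"] + nonce,
                                hashlib.sha384).digest()
        if not hmac.compare_digest(expected_sig, report["signature"]):
            return None  # report was not produced under the platform key
        if report["measurement"] not in self.expected:
            return None  # boot chain differs from every known-good measurement
        return self.disk_key


def simulate_boot(components: dict):
    """Run one guest boot against a broker that trusts only BOOT_COMPONENTS."""
    broker = KeyBroker(PLATFORM_KEY, DISK_KEY, [compute_measurement(BOOT_COMPONENTS)])
    nonce = broker.new_nonce()
    report = build_report(components, nonce, PLATFORM_KEY)
    return broker.release_key(report)


if __name__ == "__main__":
    print("genuine chain :", simulate_boot(BOOT_COMPONENTS) == DISK_KEY)
    modified = dict(BOOT_COMPONENTS, initrd=b"initrd-modified-bytes")
    print("modified initrd:", simulate_boot(modified) is None)
```

Two properties of the broker matter in practice and are exercised above: any change to a measured component yields a different digest and is refused, and each nonce is consumed on first use so a captured report cannot be presented again. A real verifier additionally checks the platform certificate chain and firmware version fields of the hardware report, which this model omits.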