Rust based Shim-Firmware for confidential container

Main Room,

In this talk, we will introduce td-shim (
Td-shim is a lightweight Intel Trust Domain Extensions (TDX) virtual firmware (TDVF) for the simplified kernels of TD-based confidential containers (e.g. Kubernetes).
To match the short start-up time and low resource consumption overhead of bare-metal containers, runtime architectures for TD-based containers put a strong focus on minimizing boot time. They must also launch the container payload as quickly as possible. Hardware virtualization-based containers typically run on top of simplified and customized Linux kernels to minimize the overall guest boot time. As such, we introduced td-shim for the confidential container use case.
Currently, the Rust-based td-shim supports multiple hypervisors, such as KVM and Cloud Hypervisor. It provides a secure and efficient way of building cloud-native infrastructure.