Linux Security Summit Europe 2024

Confidential Computing secures an important attack vector for sensitive workload: a provider cannot inspect or manipulate a confidential computing workload via its main memory or CPU registers. Yet confidential computing workloads are susceptible to other attacks (e.g., network attacks) like any other system. Therefore, certain workloads may require the use of a hardware security module (HSM) to protect their cryptographic keys. The usage of an HSM in a cloud gives raise to new attack vectors that need to be dealt with to establish a trustworthy relation between a virtual machine (aka guest) running in a trusted execution environment, the HSM and the cryptographic keys. The protection required goes beyond the establishment of a secure channel between the TEE and an attached device. This presentation reviews the security promises of confidential computing and HSMs, describes how to overcome the challenges of HSM usage in the cloud and finally shows how IBM Secure Execution for Linux allows to configure secure access to Crypto Express HSMs for Linux KVM guests.