Internships/ProjectIdeas/NitroEnclaves

From QEMU
Revision as of 20:13, 30 January 2024 by Stefanha (talk | contribs) (Created page with "=== Implement -M nitro-enclave in QEMU === '''Summary:''' AWS EC2 provides the ability to create an isolated sibling VM context from within a VM. This project implements the machine model and input data format parsing needed to run these sibling VMs stand alone in QEMU. [https://aws.amazon.com/ec2/nitro/nitro-enclaves/ Nitro Enclaves] are the first widely adopted implementation of hypervisor assisted compute isolation. Similar to technologies like Intel SGX, it allows...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Implement -M nitro-enclave in QEMU

Summary: AWS EC2 provides the ability to create an isolated sibling VM context from within a VM. This project implements the machine model and input data format parsing needed to run these sibling VMs stand alone in QEMU.

Nitro Enclaves are the first widely adopted implementation of hypervisor assisted compute isolation. Similar to technologies like Intel SGX, it allows to spawn a separate context that is inaccessible by the parent Operating System. This is implemented by "giving up" resources of the parent VM (CPU cores, memory) to the hypervisor which then spawns a second vmm to execute a completely separate virtual machine. That new VM only has a vsock communication channel to the parent and has a built-in lightweight Trusted Platform Module called NSM.

One big challenge with Nitro Enclaves is that due to its roots in security, there are very few debugging / introspection capabilities. That makes OS bringup, debugging and bootstrapping very difficult. Having a local development and test environment that looks like an Enclave, but is 100% controlled by the developer and introspectable would make life a lot easier for everyone working on them. It also may pave the way to see Nitro Enclaves adopted in VM environments outside of EC2.

This project will consist of adding a new machine model to QEMU that mimics a Nitro Enclave environment, including NSM, the vsock communication channel and building firmware which loads the special "EIF" file format which contains kernel, initramfs and metadata from a -kernel image.

If the student finishes early, we can then proceed to implement the Nitro Enclaves parent driver in QEMU as well to create a full QEMU-only Nitro Enclaves environment.

Tasks:

  • Implement a device model for the NSM device (link to spec and driver code below)
  • Implement a new machine model (-M nitro-enclave)
  • Implement firmware for the new machine model that implements EIF parsing
  • Add tests for the NSM device
  • Add integration test for the machine model executing an actual EIF payload

Links:

Details:

  • Project size: 350 hours
  • Skill level: intermediate - advanced (some understanding of QEMU machine modeling would be good)
  • Language: C
  • Mentor: Alexander Graf (OFTC: agraf, Email: graf@amazon.com)