Introducing FUKI, guest firmware in a UKI for confidential cloud deployments

We described our idea of a guest virtual machine driven firmware update mechanism for confidential cloud deployments (where tenant and cloud providers are two different entities) in our KVM Forum talk 2024 titled “Empowering confidential VMs in the cloud to use their own firmware upon instantiation.” [1] . We already demoed a prototype in action at KVM Forum [4]. In this talk, we will briefly describe our motivation for this work for the benefit of those not present in the KVM Forum. Then, we will argue how signed UKIs can be a simple, easier and guest OS agnostic means of deploying the trusted and measured firmware images for tenants in the cloud. We will also describe how UKIs can trigger an update of the firmware using our proposed simple hypervisor interface. Discussions around implementing this have already started within the systemd community [2][5]. We will describe some of the details around our design decisions. We will also seek inputs from the community on implementing the hypervisor specific support needed in UKI for interacting with the hypervisor by proposing some initial ideas.

This talk is mostly UKI/systemd focussed. We will not describe QEMU specific details. For QEMU details, those interested may please refer to our 2024 KVM Forum talk and other future presentations at the KVM Forum or other conferences.

This work is being driven within Red Hat in collaboration with AWS. Other members besides the presenter Ani Sinha(Red Hat) [3] are: Alex Graf (AWS), Vitaly Kuznetsov(Red Hat), Paolo Bonzini(Red Hat), Gerd Hoffmann (Red Hat), Harald Hoyer (Matter Labs).

References:

1. https://pretalx.com/kvm-forum-2024/talk/HJSKRQ/
2. https://github.com/systemd/systemd/pull/35091
3. https://people.redhat.com/~anisinha
4. https://drive.google.com/file/d/1m6vkH-AENIt6pM9Onb98jyjloR1NP0lQ/view?usp=drive_link
5. https://github.com/systemd/systemd/pull/35281