Confidential VMs on public clouds and on-premise: a long way towards zero trust

Confidential VMs are generally available on popular public clouds today and on-premise hypervisor solutions are trying to catch up. The main selling point of the technology is the assumed ability to isolate guests from the owner of the infrastructure thus gaining true confidentiality. Are we there yet? In the talk I will try to describe (from a general purpose Linux based operating system perspective) what would it take to build full chain of trust. In particular, I'd like to discuss the following parts: why/how can we trust the hardware, the firmware, the bootloader, the kernel, and the userspace; how we can ensure confidentiality and integrity of the workload. The talk is supposed to be fairly high level with the main purpose to provide an overview of the current state of affairs; highlight parts of the chain where the required solutions are already there, parts, which are 'work and progress', and parts where we've just scratched the surface.