Enabling Hardware Security Modules for Confidential Computing - Reinhard Buendgen, IBM // TRAIN BRAIN

Enabling Hardware Security Modules for Confidential Computing - Reinhard Buendgen, IBM

Enabling Hardware Security Modules for Confidential Computing - Reinhard Buendgen, IBM
Confidential Computing secures an important attack vector for sensitive workload: a provider cannot inspect or manipulate a confidential computing workload via its main memory or CPU registers. Yet confidential computing workloads are susceptible to other attacks (e.g., network attacks) like any other system. Therefore, certain workloads may require the use of a hardware security module (HSM) to protect their cryptographic keys. The usage of an HSM in a cloud gives raise to new attack vectors that need to be dealt with to establish a trustworthy relation between a virtual machine (aka guest) running in a trusted execution environment, the HSM and the cryptographic keys. The protection required goes beyond the establishment of a secure channel between the TEE and an attached device. This presentation reviews the security promises of confidential computing and HSMs, describes how to overcome the challenges of HSM usage in the cloud and finally shows how IBM Secure Execution for Linux allows to configure secure access to Crypto Express HSMs for Linux KVM guests.

The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the L...

Linux Foundation Member Summit 2024 - Keynote Sessions

Keynote: Closing Remarks - Bailey Hayes, CTO, Cosmonic

Keynote: Welcome Back Remarks - Bailey Hayes, CTO, Cosmonic

Behind the Scenes: Debugging Kotlin/Wasm - Artem Kobzar, JetBrains

Keynote: Safety-Critical Meets Web-Native: Wasm Revolutionizes Embedded Systems - Panel Discussion

Keynote: FaaS Platform Engineering with Wasm- Vamsi Sangavarapu, VP of Engineering, American Express

Wasm Ecosystem Q&A - Alex Crichton, Fermyon

Workshop: Choose Your Own Adventure: Wasm Edition - Bailey Hayes & Taylor Thomas, Cosmonic

Keynote: WebAssembly & the Future of NGINX - Oscar Spencer, Principal Engineer, F5 NGINX

wRPC: Distributed Components, No Assembly Required - Roman Volosatovs & Taylor Thomas, Cosmonic

Panel Discussion: Playing Safely in the... Ram Iyengar, Ralph Squillace, Luke Wagner & Bailey Hayes

Sponsored Keynote: WordPress Meets WASM: Full Power of the CMS In Any... Jason Bahl, Code Wrangler

Keynote: FaaS Platform Engineering with Wasm - Vamsi Sangavarapu, VP of Engineering

Whamm! A WebAssembly Bytecode Instrumentation DSL - Elizabeth Gilbert

Keynote: Welcome & Opening Remarks - Nigel Poulton, Author and Video Trainer

Distributing and Running Containers for Wasm-Enabled Environments - Kohei Tokunaga, NTT

Unleash the Power of Open Source WASM on a Hyper-Distributed Clo... Colin Murphy & Douglas Rodrigues

The Future of Green Cloud: Serverless WebAssembly on Arm64 Archi... Kate Goldenring & Aaron Williams

WebAssembly at Google - Thomas Nattestad & Thomas Steiner, Google

Wasi-Webgpu: Build Beautiful Graphics and Safely Run AI with Any GPU - Sean Isom & Mendy Berger

Lightning Talk: From Server to Client: Ruby on Rails on WebAssembly - Vladimir Dementyev

Composable Concurrency for WebAssembly Components - Joel Dice, Fermyon Technologies

Keynote - Larry Carvalho, Chris Woods, Dan Mihai Dumitriu, Stephen Berard, Moderated by Divya Mohan

Mentorship Session: Using Clang and LLVM to Build the Linux Kernel

LF Networking’s Thoth enables telcos to leverage domain-specific AI

Countdown to #KubeCon + #CloudNativeCon NA in Salt Lake City!

Why healthcare trails in open source adoption | Linux Foundation Research

LFX Mentorship Showcase - Moderated by Shuah Khan, The Linux Foundation

KubeCon + CloudNativeCon Experience

LF Live Webinar: GenAI & Coding: Prompts for Maximum Workflow

Open Source Summit Europe 2024 Vienna Highlights

Secure and Encrypted Boot in Zephyr RTOS - Parthiban N, Linumiz

The Power of Global Community Support at #KubeCon + #CloudNativeCon

Empowering Diversity and Collaboration at #Kubecon + #cloudnativecon

Rethinking Kubernetes Management #kubernetes #cloudnative

Improving Bpftrace Reliability - Daniel Xu, Meta

How Can Your OSPO Maximize Open Source Business Value for the Organization? - Masae Shida, Broadcom

Contributing to KernelCI for Better Testing and Collaboration - Arisu Tachibana, Cybertrust Japan Co

Step by Step, What Should We Do for the Kernel Ecosystem? - Hirotaka Motai, Cybertrust Japan

Democratizing Diffusion Models with Diffusers - Sayak Paul, Hugging Face

Exploring CXL Memory: Configuration and Emulation - Yasunori Goto, Fsas Technologies Inc.

A Next-generation IoT Platform for Edge AI Apps Leveraging Se...- Munehiro Shimomura & Kenji Shimizu

Unlocking Local LLMs with Quantization - Marc Sun, Hugging Face

Optimize Your AI Cloud Infrastructure: A Hardware Perspective - Liang Yan, CoreWeave

eBPF BoF - Shung-Hsi Yu, SUSE & Yutaro Hayakawa, Isovalent

Discover Valkey: The Path to Now - Hayato Tustsumi, AWS

Data Prep Kit: A Comprehensive Cloud-Native Toolkit for Scalable Da... - Daiki Tsuzuku & Takuya Goto

Recent TPM Security Enhancements to the Linux Kernel - James Bottomley, Microsoft

Middle-Platform Empowerment: Growing and Sustaining Open Source Projects...- Xiaoya Xia & Peggy Dong

Exploring Distributed Caching for Faster GPU Training with NVMe, GDS, and RDMA - Hope Wang & Bin Fan

Why #Kubecon + #cloudnativecon is amazing?

KubeCon Scholarship Journey #kubecon #cloudnativecon

Action Deduplication: Faster and Cheaper Remote Builds Without Lifting a Finger - Christian Scott

Building 1300 Container Images in 4 Minutes - Sushain Cherivirala, Stripe

Pigweed and Bazel for Embedded Development - Ted Pudlik, Google, LLC

Spotify's Journey to Releasing One of the World's Largest Apps wit... Luka Cindro & Gabriel Borglund

Aspect Build - Alex Eagle, Aspect Build Systems

BazelCon Keynote - Mícheál Ó Foghlú & Tobias Werth, Alex Eagle, Helen Altshuler, Chuck Grindel

State of the Union - Tobias Werth & John Field, Google

Post Mortems for 4 Years of Remote Execution - Ulf Adams, EngFlow Inc.

Performant Bazel Builds for Web Monorepos at Scale - Sharmila Jesupaul, Airbnb

Introducing Remote Bazel - Maggie Lou, BuildBuddy

Running a Start-up on Bazel - Prasanna Swaminathan, Ergatta

Perfect Sandboxing in Bazel - Rahul Butani, Intel

Bazel’s Take on (Cc) Shared Libraries - Claudio Bley, Modus Create

The Classics Never Go Out of Style: An Empirical Study of Downgrades from Bazel - Shane McIntosh

Lessons from a Large JVM Monorepo - Janusz Kudelka, Airbnb

A celebration of community! #KubeCon #CloudNativeCon

LF Live Webinar: Simplify Your Kubernetes Connectivity with NGINX Gateway Fabric

GPU allocation Insights from NVIDIA

Boost Your Networking and Balance

In-Person Learning at #Kubecon #cloudnativecon

Connect, Learn & Thrive Strategically #kubecon #cloudnativecon

Value of Community at #KubeCon

Mentorship Session: The Maple Tree: Structure and Algorithms

Fast & Efficient Access to External Infrastructure

DevSecOps Transformation at Speed and Scale Using Tekton - Caroline Cameron & Tony Higham, IBM

Sponsored Session: Solving for the Cloud Native Security Paradox - Robert Sirchia, SUSE

Compartmentalizing Vulnerable Kernel Components Without Stopping the Machine - Qinrun Dai

Systemd & TPMs - Lennart Poettering, Microsoft