Technical presentation - 30 minutes (including Q&A)
Device assignment in Confidential Virtual Machines (CVMs) enables applications such as confidential machine learning and enhances CVM I/O performance. Current development relies on TDISP, which lacks support for devices available on the market. In this talk, we first introduce virtCCA, our implementation of the CCA software stack using ARM TrustZone Secure-EL2. We then discuss the design and implementation of Confidential Device Assignment (CoDA) in virtCCA, which enables legacy PCIe devices to be assigned to a CVM. CoDA is facilitated by Huawei’s PCI Protection Controller (PCIPC) in the Kunpeng CPU. Benchmarks with NVMe, NIC, and GPU show that the I/O performance of CVMs is nearly identical to that of normal VMs.
Yongzheng Wu is currently in charge of Huawei's CCA software stack and Trusted Computing standardization. His research areas include system security and the Linux kernel.