
Linaro Connect 2025

LIS25-233 Confidential Device Assignment (CoDA) - Huawei's Practice in Supporting both Legacy Devices and Upcoming Devices

Technical presentation - 30 minutes (including Q&A)

Confidential compute

  • Thursday, 15 May 15:00 - 15:25
  • Room: Keynote room | Floriana II

Device assignment in Confidential Virtual Machines (CVMs) enables applications such as confidential machine learning and enhances CVM I/O performance. Current development relies on TDISP, which lacks support for devices available on the market. In this talk, we first introduce virtCCA, our implementation of the CCA software stack using ARM TrustZone Secure-EL2. We then discuss the design and implementation of Confidential Device Assignment (CoDA) in virtCCA, which enables legacy PCIe devices to be assigned to a CVM. CoDA is facilitated by Huawei’s PCI Protection Controller (PCIPC) in the Kunpeng CPU. Benchmarks with NVMe, NIC, and GPU show that the I/O performance of CVMs is nearly identical to that of normal VMs.

No slides available.

Presented by

Yongzheng Wu
Senior Researcher at Huawei International
Yongzheng Wu is currently in charge of Huawei's CCA software stack and Trusted Computing standardization. His research areas include system security and the Linux kernel.

Yier Jin
Chief Scientist of Trusted Computing Lab at Huawei