CFP: Bridging Virtualization and Trusted Execution: Building a KVM-TEE Mediator for Secure Computing

Yuvraj Sakshith

unread,

Mar 18, 2025, 2:11:19 AMMar 18

to Kernel Meetup Bangalore

Title: Bridging Virtualization and Trusted Execution: Building a KVM-TEE Mediator for Secure Computing.

Abstract: Trusted Execution Environments (TEEs), such as OP-TEE, utilize ARM TrustZone to secure critical operations. However, their isolation limits them to the host, preventing guests from accessing them directly. The unique design of KVM poses challenges in bridging the non-secure guest to the secure world, similar to how Xen achieves this. In this implementation, we will explore the solution that exposes the secure world to the guest and discuss the challenges involved in implementing it.

Outline:

+ Introduction to ARM TrustZone.

+ Design of KVM.

+ Does OP-TEE support NS-Virtualization?

+ Why guests cannot interact with the secure world?

+ Architecting the mediator.

+ Challenges with memory shared across the two worlds.

+ Issues with synchronisation.

+ Eliminating host dependance (WiP).

+ Testing.

Note:

The primary goal of this discussion is to gather feedback before considering broader adoption. By presenting this implementation, I aim to seek further input on how the solution can be implemented in a better, more optimal way. Additionally, this solution may be of interest to listeners who are exploring similar approaches.

About the presenter:

Yuvraj Sakshith is an undergraduate engineering student at PESIT Bangalore with a passion for kernel development, particularly on ARM64 platforms. His interests span virtualization, memory management, and confidential computing.

Preference: Regular Talk (30 minutes)

Best regards,

Yuvraj Sakshith

Sivakumar R

unread,

Mar 18, 2025, 3:27:43 AMMar 18

to Yuvraj Sakshith, Kernel Meetup Bangalore

+1

--
You received this message because you are subscribed to the Google Groups "Kernel Meetup Bangalore" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kernel-meetup-ban...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAA_YcQGM1NpJBCGAyrHq3pcSUbs%3Dp1gJ23ErG77F%2BwEvA75WoQ%40mail.gmail.com.

--

Regards,
Siva Kumar.R

Irfan Khan

unread,

Mar 18, 2025, 3:33:18 AMMar 18

to Yuvraj Sakshith, Kernel Meetup Bangalore

+1

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAErAVEORa_GcN46Mgzi%3DTWxuokNgCBY9caGxhpJXsC69h-kCzQ%40mail.gmail.com.

Jinank Jain

unread,

Mar 18, 2025, 3:34:01 AMMar 18

to Irfan Khan, Yuvraj Sakshith, Kernel Meetup Bangalore

+1

Thanks,

Jinank Jain

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAPRGd8ZZHxFZ9umXbfR-LYn4wJbXT8g2LNqUpBo_s%3D0UqSYd6A%40mail.gmail.com.

Ankita Pareek

unread,

Mar 18, 2025, 3:35:08 AMMar 18

to Jinank Jain, Irfan Khan, Yuvraj Sakshith, Kernel Meetup Bangalore

+1

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAMy%2B%2BAK%3Da%2B%2BLHWmDKK9KKmobHxHws5_LqchBFd3BF4Q4wDkqvw%40mail.gmail.com.

Bhagyashri Pathak

unread,

Mar 26, 2025, 12:31:27 PMMar 26

to Ankita Pareek, Jinank Jain, Irfan Khan, Yuvraj Sakshith, Kernel Meetup Bangalore

+1

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAG%2B8pO5%2BoROnA07-oXFwg5nsHszBQNWidaNMyc8AjtgWX5afgQ%40mail.gmail.com.

sidhu jayagond

unread,

Mar 28, 2025, 12:47:26 PMMar 28

to Yuvraj Sakshith, Kernel Meetup Bangalore

+1

--

vinay haritsa k p

unread,

Mar 28, 2025, 8:51:40 PMMar 28

to sidhu jayagond, Yuvraj Sakshith, Kernel Meetup Bangalore

Please share the slides and recorded session

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAF6dZWRzk%2B2BmU%2BvL8usmqt0JqG9%2BvM_6HSXiYqYcrdeid0qfg%40mail.gmail.com.

Aditya Gupta (Personal)

unread,

Mar 29, 2025, 10:38:36 AMMar 29

to kernel-meet...@googlegroups.com

On 18/03/25 11:41, Yuvraj Sakshith wrote:
> *Title*: Bridging Virtualization and Trusted Execution: Building a

> KVM-TEE Mediator for Secure Computing.

> /
> /

This is the corresponding code right:
https://github.com/yuvraj1803/kvm_optee_mediator ?

Interesting. +1.

Thanks,

- Aditya G

Bhagyashri Pathak

unread,

Mar 29, 2025, 10:39:55 AMMar 29

to Aditya Gupta (Personal), Kernel Meetup Bangalore

+1

--
You received this message because you are subscribed to the Google Groups "Kernel Meetup Bangalore" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kernel-meetup-ban...@googlegroups.com.

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/01e4d343-8420-4680-bc84-3aa1d9c63bc4%40gmail.com.

Yuvraj Sakshith

unread,

Mar 29, 2025, 10:40:08 AMMar 29

to Aditya Gupta (Personal), kernel-meet...@googlegroups.com

Hi Aditya,

Yes, that is correct.

Regards,

Yuvraj Sakshith

Sumit Semwal

unread,

Mar 30, 2025, 6:43:45 AMMar 30

to vinay haritsa k p, sidhu jayagond, Yuvraj Sakshith, Kernel Meetup Bangalore

Hello Vinay,

Thank you for your interest.

Usually, since there are organisations that kindly sponsor their office space for this event, there are no recordings.

We will figure out a mechanism to share the slides post event.

Thanks and regards,

Sumit Semwal (he / him)
Senior Tech Lead - Android, Platforms and Virtualisation
Linaro.org │ Arm Solutions at Light Speed

To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAOj_SGx4WGRx7ZRDOcVdvYWtr%2BnyoRUj--Lu3VETmVdHc9YA0w%40mail.gmail.com.

vinay haritsa k p

unread,

Mar 31, 2025, 3:29:29 AMMar 31

to Sumit Semwal, sidhu jayagond, Yuvraj Sakshith, Kernel Meetup Bangalore

Thanks sumit

Reply all

Reply to author

Forward