Internet-Draft Abbreviated Title July 2023
Deng Expires 10 January 2024 [Page]
Internet Engineering Task Force
Intended Status:
Standards Track
J. Deng, Ed.
Alibaba Cloud Intelligence Group

Confidential Virtual Machine Provisioning in Cloud Environment


Confidential virtual machine (CVM) in the cloud environment is a use case of confidential computing where VM confidentiality is enabled by hardware. A cloud user’s CVM is isolated from the hypervisor provided by its cloud service provider, meaning the cloud service provider cannot access the workload and data in the CVM. This is used in the scenario where a cloud user intends to protect its sensitive workload and data from cloud service provider while at the same time desires to utilize the advantages of cloud technology. This document specifies the CVM provisioning in cloud environment including the provisioning process and protocol, and the security requirements.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 10 January 2024.

Table of Contents

1. Introduction

Confidential computing allows for workload and data protection in use leveraging hardware-based security technology. Confidential virtual machine (CVM) in cloud environment is a use case of confidential computing. It allows a cloud user to migrate its sensitive workload and data onto cloud and still protect them from cloud service provider and the hosting environment, such as hypervisor, virtual machine manager, host OS. Moreover, another benefit of using CVM is that no changes are needed for an application to be able to run in a CVM. It has witnessed an increase in the CVM provisioning and deployment in cloud. This document illustrates the provisioning process and protocol of CVM in cloud environment and also the security requirements.

2. CVM Provisioning in Cloud

2.1. Overview

For a cloud user to create and manage CVM instance on cloud infrastructure, CVM provision process in cloud consists of the following steps:

There may be other steps including:

The rest of the clause in this section describes each step above and the required message exchange between a user side (using a client), resource manager in the cloud, and platform of the server. The following clauses mainly describes what is specific to CVM provision, and normal VM provision involved is not the focus.

2.2. Enabling Confidential Computing Feature for CVM

For a server to be able to host CVM, certain booting parameters need to be configured to support the confidential computing feature for CVM. For example, to create a AMD CVM, the features, memory encryption and secure encrypted virtualization, need to be enabled. The server is then running with these features enabled.

This step is performed by the administrator of the server.

2.3. Creating CVM Instance

Cloud service providers need to provide to cloud users the option of CVM instance, and the underlying hardware choices supporting CVM.

In creating a CVM, cloud users need to set, among others, the VM type to be a CVM, and choose the hardware on which the CVM to be running.

2.4. Verifying CVM

A cloud user needs to be able to check whether a running VM is a CVM or not.

2.5. Reviewing Measures

2.6. Retrieving Remote Attestation Report

2.7. Migrating a live CVM

2.8. Message Definitions

3. IANA Considerations

This memo includes no request to IANA.

4. Security Considerations

In addition to the hardware-based isolation of CVM from hypervisor, host OS, virtual machine monitor/manager, other CVMs, a CVM may support:

This document should not affect the security of the Internet.

Author's Address

Juan Deng (editor)
Alibaba Cloud Intelligence Group