Creating confidential containers using confidential VM in public cloud

[bpradipt]

Creating this tracker issue to identify additional work needed to create confidential containers by leveraging confidential VM (CVM) support in public cloud.

Starting with an initial list

• [X] Creating a Pod VM image that can run as CVM
• [ ] Remote attestation using public cloud attestation services: This will require adding support in attestation-agent. Are there any other alternatives ?
• [ ] Pod VM root disk encryption
• [X] Secure communication between the worker node and Pod VM
• [ ] A tool to create OS disk/initrd for the peer CVM (current process super complicated)
• [ ] A way to boot CVM from the OS disk/initrd (so far only Azure AFAIK)
• [ ] Share host VM disks/devices with the peer CVM
• [ ] Changes to CoCo threat model when using peer pods approach.
• [ ] Handling userdata provided via cloudinit to avoid manipulation by a malicious admin - https://github.com/confidential-containers/cloud-api-adaptor/issues/740
• [ ] Measuring pod vm components - https://github.com/confidential-containers/cloud-api-adaptor/issues/858
• [ ] <add-more>

Also is there a scope for leveraging existing work in this space for eg. https://github.com/edgelesssys/constellation ?

[jxyang]

I can add a few:

• [ ] A tool to create OS disk/initrd for the peer CVM (current process super complicated)
• [ ] A way to boot CVM from the OS disk/initrd (so far only Azure AFAIK)
• [ ] Share host VM disks/devices with the peer CVM

[liudalibj]

Follow the documents https://www.ibm.com/docs/en/linux-on-systems?topic=tasks-encrypting-data-volumes and https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html I can provide some scripts about Pod VM root disk encryption

[bpradipt]

Few additional aspects that came across in community slack discussion - https://cloud-native.slack.com/archives/C04A2EJ70BX/p1671091461659489

1. Changes to CoCo threat model when using peer pods approach.
2. Handling userdata provided via cloudinit to avoid manipulation by a malicious admin

@stevenhorsman please add if I have missed something