[svsm-devel] Call for mentors/ideas for Google Summer of Code

Stefano Garzarella sgarzare at redhat.com
Wed Mar 26 16:38:46 CET 2025


Hi Nicolai,

On Wed, 26 Mar 2025 at 16:04, Nicolai Stange <nstange at suse.de> wrote:
>
> Hi all,
>
> Stefano Garzarella <sgarzare at redhat.com> writes:
>
> > On Fri, 21 Mar 2025 at 15:42, Jörg Rödel <jroedel at suse.de> wrote:
> >>
> >> > We also have a PoC working with a very minimal FS+encryption, but at
> >> > least it can be used by the student to understand the final scenario.
> >> > In addition, we have OpenVMM to take inspiration from and perhaps
> >> > reuse some code.
> >> >
> >> > That said, this is in my ToDo list (after the vTPM driver saga...) so
> >> > I don't know whether it makes sense to wait until September to get a
> >> > result from a student or to work on it directly.
> >>
> >> This should probably be split up anyways, in a task for the file storage
> >> layer and one for the encryption layer. Since you are planning to work
> >> on these topics in the near future maybe you can scope out some parts as
> >> suitable projects for students?
> >
> > Yes, perhaps it could be split, although I'm seeing that OpenVMM has
> > self-contained crates to handle what they called VM Guest State (VMGS)
> > file: https://github.com/microsoft/openvmm/tree/main/vm/vmgs
> >
> > It's a custom FS, with a file table, each file has an ID that
> > identifies its type (e.g. TPM_NVRAM) and on top of that they use AES
> > 256 GCM for encryption. They also provide a tool for
> > manipulation/inspection:
> > https://openvmm.dev/guide/dev_guide/dev_tools/vmgstool.html?highlight=vtpm#vmgstool
> >
>
> I would like to mention at this point that I've also been working on an FS
> for quite some time now. The main motivation for developing one from scratch
> is to have full Merkle-Tree style authentication over the whole FS,

Cool! Thanks for sharing!

> which I think (hope) would be affordable for the expected image sizes in
> the MB range. With that however, a Journal is also desirable, because
> otherwise power cuts/crashes in the middle of a write would render the
> whole image definitely unreadable.

Yes, definitely!

>
> Anyway, I'm in the last steps of having something working, I expect it
> to take ~2-3 more weeks until I can present some code + docs on the
> format for discussion.

Okay, I'll keep playing with VMGS so we can compare when you have
something ready!

Thanks,
Stefano
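
A toy model of the point raised in the quoted text (whole-image Merkle authentication makes a torn write fatal unless a journal allows replay), added here as an example and not code from this thread, SVSM or OpenVMM. The block size, the `Image` class, the single-entry journal and the whole-image root check are all assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # toy block size in bytes (constructed, not a real format)

def _h(tag: bytes, data: bytes) -> bytes:
    return hashlib.sha256(tag + data).digest()

def merkle_root(blocks):
    """Root over all blocks; leaf and inner nodes are domain-separated."""
    level = [_h(b"\x00", b) for b in blocks]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate last node on odd levels
        level = [_h(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

class Image:
    """Hypothetical image: data blocks, a stored root, a one-entry journal."""
    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.root = merkle_root(self.blocks)
        self.journal = None

    def write(self, idx, data, journaled, crash=False):
        new = self.blocks[:idx] + [data] + self.blocks[idx + 1:]
        new_root = merkle_root(new)
        if journaled:
            # Intent record reaches storage before any in-place change.
            # A real design would have to authenticate this record too.
            self.journal = (idx, data, new_root)
        self.blocks[idx] = data      # in-place data write
        if crash:
            return                   # simulated power cut: root still old
        self.root = new_root
        self.journal = None

    def recover(self):
        """Replay a pending journal entry, then check the whole image."""
        if self.journal is not None:
            idx, data, new_root = self.journal
            self.blocks[idx], self.root = data, new_root
            self.journal = None
        return merkle_root(self.blocks) == self.root

def demo():
    base = [bytes([i]) * BLOCK for i in range(4)]
    plain, journaled = Image(base), Image(base)
    plain.write(2, b"N" * BLOCK, journaled=False, crash=True)
    journaled.write(2, b"N" * BLOCK, journaled=True, crash=True)
    return plain.recover(), journaled.recover()
```

`demo()` returns the post-crash verification result for the unjournaled image and the journaled one, in that order.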
