In cloud environments, confidential virtual machines (CVMs) are widely used to safeguard virtual machines (VMs) from potentially malicious hypervisors. However, as guest VM owners grow increasingly concerned about the vulnerabilities in guest operating systems (OSes), there is a rising demand for protection tailored for guest applications against these OS threats. This paper introduces GEnclave, an enclave mechanism designed to protect guest applications from malicious guest OSes. A significant advantage of GEnclave is that it is implemented within CVMs rather than outside of them. This internal implementation empowers VM owners to select, install, and maintain the enclave mechanism independently, without depending on cloud platform providers. We safeguard the GEnclave from the guest OS based on the intra-VM isolation. To achieve this isolation, we take advantage of the virtual machine privilege levels (VMPLs), a new feature of the AMD EPYC processors. Our enclave mechanism controls the permissions to guest physical pages in the VM to prevent the guest OS from accessing our enclave. To illustrate the flexibility of GEnclave, this paper demonstrates its capability to support kernel-level enclaves. Our evaluation indicates that GEnclave offers performance comparable to Intel SGX, an existing hardware-based enclave solution.
Hata et al. (Thu,) studied this question.