
Microsoft Open Sources OpenHCL, a Linux-Based ‘Paravisor’

Microsoft's OpenHCL, a Linux-based paravisor, could form the basis of cross-platform confidential computing. 
Sep 24th, 2024 11:00am
Image: Linux Plumbers Conference logo.

VIENNA — At the Linux Foundation’s Linux Plumbers Conference, the annual get-together for the top Linux kernel developers (and me), Microsoft Senior Software Engineer Chris Oo announced in a confidential computing micro-conference that Microsoft would be open sourcing OpenHCL, a Linux-based, confidential virtual machine (VM) paravisor.

Before diving into the news, you must know what confidential computing and a paravisor are.

According to the Confidential Computing Consortium (CCC), confidential computing starts from the observation that data exists in three states: in the network, at rest, and in use. Thus, “In a world where we are constantly storing, consuming, and sharing sensitive data — from credit card data to medical records, from firewall configurations to our geolocation data — protecting sensitive data in all of its states is more critical than ever.

“Cryptography is now commonly deployed to provide both data confidentiality (stopping unauthorized viewing) and data integrity (preventing or detecting unauthorized changes). While techniques to protect data in transit and at rest are now commonly deployed, the third state — protecting data in use — is the new frontier.”

Escaping the Virtual Machine

Protecting data in memory is more important than ever since VM and container escapes in a cloud-computing world are especially dangerous. In these, an attacker uses a VM or container to crack open the memory of a co-resident VM or container on a cloud server. Do I even need to point out the implications? Attacking your cloud data and services would be trivial if a hostile user could escape from their VM sandbox or container.

This isn’t just theoretical. The first such attack, Cloudburst, was used on VMware Workstation in 2008. There are also numerous ways to escape from a badly secured container.

The defense against all such attacks is to encrypt your data in memory.

The CCC currently does this with three different technologies:

  • Software Guard Extensions (Intel SGX) SDK is designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.
  • Open Enclave SDK is an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications that run across multiple TEE architectures.
  • Enarx is a project providing hardware independence for securing applications using TEEs.

IBM Steps In

Some companies saw this need coming sooner than others. IBM, for example, said it was working on confidential computing in the 90s. Rohit Badlaney, VP of IBM Z Hybrid Cloud, and Hillery Hunter, VP and CTO of IBM Cloud, wrote, “Data protection is only as strong as the weakest link in end-to-end defense.”

This mainframe-specific confidential cloud has been available since 2018, with the release of IBM Cloud Hyper Protect Services and IBM Cloud Data Shield. This is done using a key management and cloud hardware security module.

Confidential computing technology is also broadly available. Hardware-encrypted memory technologies, such as Intel Software Guard Extensions (SGX), ARM’s TrustZone, and AMD’s Secure Encrypted Virtualization (SEV), can be deployed today.

Many operating systems and programs don’t quite know what to make of encrypted memory. That’s where paravisors come in.

According to Oo, a paravisor is a specialized firmware component that operates within a VM at a higher privilege level than the guest operating system. It offers essential services to guest VMs, such as the Virtual Trusted Platform Module (vTPM), and it can emulate legacy devices such as serial ports.

Paravisors can also translate between different device interfaces. For example, they can translate Non-Volatile Memory Express (NVMe) to paravirtualized Small Computer System Interface (SCSI).

The Power of Paravisors

Paravisors can emulate hardware components for guests that are not fully optimized (aka “unenlightened”), such as older versions of Linux and Windows in virtualized environments. This hardware emulation includes Advanced Programmable Interrupt Controller (APIC) emulation and interrupt virtualization.

There are other methods to empower unenlightened operating systems to use confidential memory, such as Secure Virtual Machine Monitor (SVSM). According to Oo, paravisors are more flexible than these. Companies such as AMD and SUSE, which support SVSM, see it the other way.

What OpenHCL brings to the table is a new approach to virtualization by running a privileged environment within guest virtual machines, isolated from the guest operating system. This lightweight virtualization layer provides crucial facilities such as accelerated I/O and enhanced security features, all while maintaining strong isolation between tenants.

From Azure to Open Source

While OpenHCL hasn’t been open sourced before, it’s not a new program. OpenHCL has long served as a paravisor for Azure Confidential VMs, which enabled guests to run in a hardware-based TEE.

OpenHCL is written in Rust and leverages its memory safety principles, making it ideally suited for the critical task of virtualization. This choice of language enhances security by preventing common vulnerabilities like buffer overflows and data race conditions.

Oo added, “We utilize the Linux kernel to provide a standard REST interface so that we can write standard Rust code. We also track the upstream kernel and aim to upstream all kernel patches or have a path to upstream.” In addition, “We run as much in user-mode as possible, including hosting the VM Manager (VMM) itself and device drivers.” At the same time, Microsoft keeps VMM code as operating system agnostic as possible.

According to Oo, another OpenHCL advantage is its ability to transparently provide guest VMs with accelerated I/O facilities. This means that VMs on Azure can take advantage of Azure Boost’s performance enhancements without requiring any changes to the guest operating system. Since one of confidential computing’s problems is that it puts a three to five percent performance tax on compute, this can be quite helpful.

At this point, Microsoft’s decision to open source OpenHCL marks a significant commitment to transparency and collaboration in the cloud computing space. This move is expected to accelerate innovation in virtualization technology and potentially lead to wider adoption of OpenHCL’s architecture beyond Azure.

That said, Microsoft is far from the only player in the paravisor space. Intel and ARM also have their candidates. As the organizers noted, “There is still some way to go and problems to be solved before a secure Confidential Computing stack with open source software and Linux as the hypervisor becomes a reality.” Still, we’re closer today than we were yesterday, and with open source software, progress usually goes much faster than with other approaches.
