VirTEE is an Open Community dedicated to building FLOSS components to enable the construction of Virtualization-based TEEs (Trusted Execution Environments) using technologies such as AMD SEV (and SNP), Intel TDX and Armv9 Realms.

Communication channels

• Chat: #virtee on Matrix

Current projects

• sev: Rust library exposing APIs for the AMD SEV platform

• sevctl: Administrative utility for AMD SEV

• kbs-types: Rust (de)serializable types for KBS

• reference-kbs: A reference implementation of the KBS attestation protocol

• oci2cw: Utility to transform OCI images into Confidential Workloads

Do you have a project that you would see listed here? Propose a change to this page!

Other resources

• Using SEV with QEMU and libvirt

• SUSE’s AMD Secure Encrypted Virtualization (AMD-SEV) Guide

• Trying out the SEV flavor of libkrun

FAQ

What is a TEE?

According to the CCC (Confidential Computing Consortium), a TEE is as an environment that provides a level of assurance of the following three properties:

• Data confidentiality: Unauthorized entities cannot view data while it is in use within the TEE.
• Data integrity: Unauthorized entities cannot add, remove, or alter data while it is in use within the TEE.
• Code integrity: Unauthorized entities cannot add, remove, or alter code executing in the TEE.

For more information, check this whitepaper published by the CCC.

What is a Virtualization-based TEE?

It’s a TEE that’s constructed using Hardware-assisted Virtualization, combined with other technologies (AMD SEV, Intel TDX or Armv9 Realms) that enable the guest owner to verify the integrity and confidentiality of the Virtual Machine.