Security overview of an Anjuna Confidential Container’s disk
When you create a Confidential VM using the Anjuna CLI for SEV, the container’s filesystem is secured using a disk that is integrity-protected and encrypted with an ephemeral key.
This section provides details about the algorithms and techniques used to provide a strong security guarantee for the disk. This guarantee ensures that the disk is unreadable to anyone besides the VM, and that no one besides the VM can modify it.
| The terms "disk" and "partition" are used interchangeably; the specific type of device provided to the VM may change between versions of the Anjuna CLI for SEV. |
The security configuration
The configuration for both the encryption and integrity protection of the disk resides within the RAM of the VM. Since an AMD SEV Confidential VM’s RAM is encrypted and integrity-protected, this configuration cannot be tampered with. This configuration defines the keys used to encrypt the disk, the keys used to verify its integrity, and the details around the algorithms used. Since a Confidential VM’s RAM is discarded when it reboots, the configuration is forever lost, along with any keys stored in it. Therefore, the data stored on the disk becomes completely unreadable to anyone (including during future executions of the same VM). This means that the data stored on this disk can no longer affect future executions of the VM.