I want to start blogging more. I’ll be the first to admit that I haven’t been trying particularly hard (or at all) to write for my blog these past
few several months. This is true for my side projects as well, one of which I’d like to send upstream some day. I’ve been busy adjusting to post-college life, new job, and finding my own social rhythm. It’s important to take time for things like that. I’ll share more of my thoughts on that topic later.
This post is the first of many that I would like to start doing regularly. I’ll write a post once a month detailing all the things that I’ve been working on. Some of these topics might not warrant an entire blog post of their own. Some of them might. In those cases, I may write about them in more depth at my leisure. At least this way I won’t be blocking on content for my blog. Furthermore, this will give me a chance to sit and reflect on some of the things I’ve learned; or at least, brag about things that I think are fun and interesting in the life of a software developer and human.
I started a new job as a Software Engineer on the Virtualization team at Red Hat working on Enarx! I’m really excited about this project. Enarx is used to deploy WebAssembly applications into Trusted Execution Environments (TEEs). Enarx (will) abstract over all of the TEE hardware platforms; so application programmers only need to write code that compiles to WASI-compliant WebAssembly and their binary can be deployed onto any hardware architecture with Enarx.
I’m working on some of the lower-level bits of the project, specifically focusing on AMD SEV. This is a trusted execution environment for virtual machines, where the memory contents of the virtual machine are encrypted; meaning that the virtual machine’s workload is entirely private and known only to itself–the host has no visibility into it.
This entire month has been a bit of a whirlwind. I’ve been working to ramp up on Enarx and re familiarize myself with the Rust programming language. Rust is coming back to me fairly quickly. I’ve been working through Jim Blandy’s “Programming Rust” book and it is excellent! I try to carve out some time each workday to work through it.
I’ve been working on a program called
sev-show, a tool for discovering SEV capabilities in the running environment. It works by querying the processor capabilities through the
cpuid instruction; checking for the SEV device special file; and checking sysfs to make sure the required Linux kernel parameters are enabled.
I’ve also started on breaking the SEV codebase into independent crates (Rust libraries) to improve code re-use in the future. This will be a significant task that I’ll be working on for some time now. So far, I’ve extracted the SEV
ioctl code into its own crate based on a type-safe
ioctl crate called
iocuddle. This one has been a bit of a learning curve due to the foreign function interface (FFI) between Rust and C. This is definitely a topic I’d like to explore in a future blog post once I have a better understanding of the lifetime tomfoolery I’ve stumbled through.
Another bit of work that I’m particularly proud of is that I’ve done a deep dive into AMD SEV and wrote some in-depth technical documentation on how attestation works between a tenant and a host. This document will hopefully serve as an example to other hardware vendors as we invite them to fact-check and contribute their own documentation on their respective platforms.
This blog post has been a great opportunity to reflect. It’s given me a great view of just how lucky I am to work on free and open source software. I’m really excited for the work I’ve done and the problems I’ll get to work on!
So what’s next? I’ll check back next month.