Physical memory allocation constraints for Confidential Computing guests by Quentin Perret

Running confidential computing (CoCo) payloads on arm64 mobile platforms presents unique challenges due to a wide spectrum of hardware constraints and vastly different power/performance characteristics. Some devices feature non-translating Stage-2 IOMMUs or IOMMUs with reduced addressing capabilities, while others have constraints stemming from their TrustZone implementation. Furthermore, many are very sensitive to Stage-2 page-table fragmentation, whether on the CPU side, DMA side, or both. The emergence of CoCo in the mobile space also brings new use-cases with demanding power and performance requirements. In this talk, we will first detail these specific problems, explaining how mobile hardware nuances impact the deployment of confidential computing. Secondly, we will formulate a proposal on how to approach these challenges. A core part of the proposal involves physical memory allocation constraints on the memory backing CoCo guests as well as hypervisor data structures. We believe many of these issues can be significantly mitigated through this approach. This session will initiate a discussion on the best way to express these allocation constraints, ideally by extending existing infrastructure such as guest_memfd and dmabuf. Slides: https://pretalx.com/kvm-forum-2025/ta...