Documentation/security/snp-tdx-threat-model.rst

33 Machines (VM) inside TEE. From now on in this document will be referring
39 inside a CoCo VM. Namely, confidential computing allows its users to
46 integrity for the VM's guest memory and execution state (vCPU registers),
55 a trusted intermediary between the guest VM and the underlying platform
59 VM, manage its access to system resources, etc. However, since it
60 typically stays out of CoCo VM TCB, its access is limited to preserve the
68     | CoCo guest VM     |<---->|                       |
131 CoCo VM TCB due to its large SW attack surface. It is important to note
134 VM TCB. This new type of adversary may be viewed as a more powerful type
140                                  |    CoCo guest VM       |
166 The **Linux kernel CoCo VM security objectives** can be summarized as follows:
178 VM assets**:
189 The **Linux CoCo VM attack surface** is any interface exposed from a CoCo