Currently QEMU hypervisor based confidential guests on SEV-SNP, SEV-ES and TDX are not at-par with other non-confidential guests in terms of restartability. For confidential guests, once their initial state is locked-in and its private memory pages are encrypted, its state is finalized and it cannot be changed. This means, in order to restart a confidential guest, a new confidential guest context must be created in KVM and private memory pages re-encrypted with a different key. Today, this means that upon restart, the old QEMU process terminates and the only way to achieve a reset is to instantiate a new guest with a new QEMU process on these systems.

Resettable confidential guests are important for reasons beyond bringing them at par with non-confidential guests. For example, they are a key requirement for implementation of the F-UKI idea [1][2]. This talk will describe some of the challenges we have faced and our experiences in implementing SEV-SNP and TDX guest reset on QEMU. A demo will be shown that reflects the current state of progress of this work. A link for the demo video will also be shared. This will be mostly a QEMU centric presentation so we will also describe some fundamental concepts of confidential guest implementation in QEMU.

WIP patches based on which the demo will be shown are here [3][4][5]. These patches are posted in the qemu-devel mailing list for review and inclusion into QEMU [6][7].

1. KVM Forum 2024 presentation https://pretalx.com/kvm-forum-2024/talk/HJSKRQ/
2. FOSDEM 2025 https://fosdem.org/2025/schedule/event/fosdem-2025-4661-introducing-fuki-guest-firmware-in-a-uki-for-confidential-cloud-deployments/
3. https://gitlab.com/anisinha/qemu/-/commits/coco-reboot
4. https://gitlab.com/anisinha/qemu/-/commits/coco-reboot-v2
5. https://gitlab.com/anisinha/qemu/-/commits/coco-reboot-v3
6. v1: https://lists.gnu.org/archive/html/qemu-devel/2025-12/msg01681.html
7. v2: https://mail.gnu.org/archive/html/qemu-devel/2026-01/msg01946.html