The Service VM is a lightweight, bare-metal virtual machine specifically designed to run various services for other virtual machines. It fulfills the following requirements:
The instance ID is incorporated into the CDI values calculation of each VM loaded by pVM Firmware to ensure consistent CDI values for the VM across all reboots.
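The effect described above, as an added example (not code from pVM Firmware or the project): a simplified DICE-style derivation in which the instance ID is one of the inputs, so the same VM gets the same CDI on every boot and a different instance gets a different one. The HKDF construction, the `derive_vm_cdi` name, the info label and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vm_cdi(parent_cdi: bytes, code_hash: bytes, instance_id: bytes) -> bytes:
    """Assumed model: the child CDI depends on the parent CDI, the measured
    VM image and the VM's instance ID. Each input is hashed before
    concatenation so the combined encoding is unambiguous."""
    inputs = hashlib.sha256(code_hash).digest() + hashlib.sha256(instance_id).digest()
    salt = hashlib.sha256(inputs).digest()
    return hkdf_sha256(parent_cdi, salt, b"example-vm-cdi")


# Constructed sample values, not real measurements or instance IDs.
PARENT_CDI = bytes(range(32))
IMAGE_V1 = hashlib.sha256(b"constructed VM image v1").digest()
IMAGE_V2 = hashlib.sha256(b"constructed VM image v2").digest()
INSTANCE_A = bytes.fromhex("aa" * 16)
INSTANCE_B = bytes.fromhex("bb" * 16)

if __name__ == "__main__":
    boot1 = derive_vm_cdi(PARENT_CDI, IMAGE_V1, INSTANCE_A)
    boot2 = derive_vm_cdi(PARENT_CDI, IMAGE_V1, INSTANCE_A)
    other_instance = derive_vm_cdi(PARENT_CDI, IMAGE_V1, INSTANCE_B)
    other_image = derive_vm_cdi(PARENT_CDI, IMAGE_V2, INSTANCE_A)
    print("stable across reboots:  ", boot1 == boot2)
    print("differs per instance ID:", boot1 != other_instance)
    print("differs per image:      ", boot1 != other_image)
```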
Rialto is used as the bare-metal kernel for the Service VM. It shares some low-level setup, such as memory management and virtio device parsing, with pvmfw. The common setup code is grouped in vmbase/.
The main functionality of the Service VM is to process requests from the host and provide responses for each request. The requests and responses are serialized in CBOR format and transmitted over a virtio-vsock device.
Currently, the Service VM only supports VM remote attestation, and in that context we refer to it as the RKP VM. The RKP VM undergoes validation by the RKP Server and functions as a remotely provisioned component responsible for verifying the integrity of other virtual machines. See VM remote attestation for more details about the role of the RKP VM in remote attestation.