Last month saw the annual gathering of engineers and experts from across the Arm ecosystem for the Linaro Connect 2025 conference, which this year took place in Lisbon. Read our earlier blog post for a preview and some background about this event.
As promised, confidential computing was an important theme at this year’s conference. Highlights included this keynote from Mike Bursell, and a presentation from Fujitsu on how Confidential AI workloads will be powered by their FUJITSU-MONAKA processor, based on Arm’s Confidential Compute Architecture (CCA).
In this blog post, we’ll reflect on proceedings from the Endorsement API Workshop, which was a full-day event that was co-located with the conference. The workshop assembled a diverse group of expert representatives, from across industry and academia, for an intensive day of focused collaboration. The goal was to address a growing challenge in confidential computing: the distribution of the endorsements and reference values that are so essential to the attestation process, without which we cannot establish trust in our confidential computing environments. It is a data management problem that spans the entire industry, from supply chains all the way to application deployment. How do we tame complexity and fragmentation? How do we scale?
The workshop combined a morning of live, hands-on prototyping, alongside an afternoon of presentations, proposals and discussions.
Key Take-Aways
It was a packed and energetic day, with all participants demonstrating their shared belief that there is a lot of work to do and genuine value to be gained for the industry. Here’s a selection of some of the stand-out topics and activities from the day:
- A brainstorming conversation to elaborate more precise requirements
- An exploration of some of the existing, vendor-specific solutions, and how those might inspire new common solutions
- A survey of the standardisation landscape and the organisations involved
- An innovative proposal to use Manufacturer Usage Description (MUD) files as a resource for the discovery of endorsement artifacts and services
- A presentation and discussion of the new CoSERV query language, which is designed to facilitate the transfer of endorsement data between producers and consumers in a uniform and scalable way
- An update on the proof-of-concept implementation of CoSERV that is currently ongoing in the CCC’s Veraison project.
Read the Full Workshop Report
The workshop has its own repository on GitHub, where you can review the full agenda, along with the list of participants. The full recordings for the afternoon session are also available in the repository, as is the detailed written report. You can also access the report directly here.
Get Involved
The workshop was a chapter in an ongoing story, which you can help to shape. Here are some ways that you can stay informed as this work progresses, or become an active collaborator:
- Follow the IETF RATS Working Group through its meetings and mailing list
- Follow the CCC Attestation SIG and join its regular public meetings or its Slack community
- Follow the Veraison project through its regular meetings or its Zulip chat community
Let’s keep working together, openly, to make the attestation-based secure ecosystem a success.
