
Join Us for Monthly Tech Talks: Stay Ahead with the Latest Trends and Insights!

 

Exploring Insights from the May TAC Webinar of the Confidential Computing Consortium

On May 30th, 2024, the Confidential Computing Consortium (CCC) Technical Advisory Council (TAC) convened for its scheduled webinar, covering various pivotal topics and updates.

The CCC’s May TAC webinar showcased its commitment to advancing confidential computing standards through collaborative dialogue and proactive community involvement. Stay tuned for more updates and insights from future TAC meetings as the consortium continues to lead innovation in secure computing solutions.

Listen to the full session here.

Here’s a brief summary of the Tech Talk:

  • The meeting, which took place on May 30th, served as a platform for advancing the adoption of confidential computing through collaborative efforts, particularly emphasizing open-source contributions and community engagement.
  • Participants and Introductions:
    • Notable attendees included Alec and Chad Kimes from GitHub, alongside representatives from premier groups like Fritz, David, and Yash, who contributed to a diverse and knowledgeable assembly.
  • Presentation Topics:
    • Marcela and Chad led a comprehensive “trusted builds” presentation exploring CI/CD security measures and platform hardening strategies. This session underscored critical aspects of ensuring robust security frameworks within continuous integration environments.
  • Administrative Updates:
    • Administrative discussions encompassed logistical matters such as repository access and the scheduling of future sessions. These updates are significant in fostering efficient collaboration and strategic planning for our upcoming technical and policy-driven engagements, ensuring we are well-prepared for what’s to come.

May 2nd Demo of Transparent UEFI: Diana Glaze from Google Presents at CCC TAC Meeting 2024

Listen to the full session here.

Here’s a brief summary of the Tech Talk:

  • Context and Scope:
    • Diana works on confidential VMs in Google Compute Engine, focusing on AMD and Intel hardware with SEV-SNP and TDX.
    • Google controls the entire chain for “Confidential Space,” including UEFI, the attested Container-Optimized OS, the workload launcher, and verification services.
  • Transparency and Trustworthiness:
    • Diana emphasized the need for a more transparent and trustworthy Trusted Computing Base (TCB) in guest computing contexts.
    • Discussed challenges and efforts to make UEFI verifiable independently, beyond Google’s internal systems.
  • Technical Challenges and Philosophical Views:
    • Highlighted discrepancies between signed packages and true transparency, advocating for a clearer definition and implementation of transparency in attestation frameworks.
    • Mentioned the role of reference values versus transparency of those values in the context of security models.
  • Future Directions and Standards:
    • Mentioned ongoing efforts such as Sigstore and Microsoft’s Code Transparency Service, aiming to enhance transparency across the industry.
    • Discussed challenges in reproducibility and the need for better build systems to support transparent UEFI.
  • Q&A and Discussion:
    • Addressed questions on transparency as endorsement and operational challenges in maintaining build integrity and security.