The Linux Foundation Projects
Skip to main content

Join Us for Monthly Tech Talks: Stay Ahead with the Latest Trends and Insights!

 

5/30/24

Exploring Insights from the May TAC Webinar of the Confidential Computing Consortium

The CCC’s May TAC webinar showcased its commitment to advancing confidential computing standards through collaborative dialogue and proactive community involvement. Stay tuned for more updates and insights from future TAC meetings as the consortium continues to lead innovation in secure computing solutions.

Listen to the full session here.

Here’s a brief summary of the Tech Talk:

  • The meeting, which took place on May 30th, served as a platform for advancing the adoption of confidential computing through collaborative efforts, particularly emphasizing open-source contributions and community engagement.

Participants and Introductions

  • Notable attendees included Alec and Chad Kimes from GitHub, alongside representatives from premier groups like Fritz, David, and Yash, who contributed to a diverse and knowledgeable assembly.

Presentation Topics

  • Marcela and Chad led a comprehensive “trusted builds” presentation exploring CI/CD security measures and platform hardening strategies. This session underscored critical aspects of ensuring robust security frameworks within continuous integration environments.

Administrative Updates

Administrative discussions encompassed logistical matters such as repository access and the scheduling of future sessions. These updates are significant in fostering efficient collaboration and strategic planning for our upcoming technical and policy-driven engagements, ensuring we are well-prepared for what’s to come.

Listen to the full session here.

Here’s a brief summary of the Tech Talk:

  • Diana works on confidential VMs in Google Compute Engine, focusing on AMD and Intel hardware with SEV/P and TDX. Google controls the entire chain for “Confidential Space,” including UEFI, attested container-optimized OS, workload launcher, and verification services.She emphasized the need for a more transparent and trustworthy Trusted Computing Base (TCB) in guest computing contexts. She discussed the challenges and efforts to make UEFI verifiable independently, beyond Google’s internal systems.

    Diana highlighted discrepancies between signed packages and true transparency, advocating for a clearer definition and implementation of transparency in attestation frameworks. She mentioned the role of reference values versus the transparency of those values in the context of security models.

    Ongoing efforts such as Sigstore and Microsoft’s Code Transparency Service aim to enhance transparency across the industry. Diana discussed challenges in reproducibility and the need for better build systems to support transparent UEFI.

    During the Q&A, Diana addressed questions on transparency as endorsement and the operational challenges in maintaining build integrity and security.