
#ConfidentialComputing #CybersecurityEvolution #TechJourney

End-User Devices for Confidential Computing: Exploring Islet


Author:  Sal Kimmich

As technology evolves, the need for secure and confidential computing extends beyond servers and data centers to end-user devices such as smartphones, tablets, and personal computers. These devices are increasingly used to collect and process sensitive data, necessitating robust security measures to protect user privacy. One notable project within the Confidential Computing Consortium that addresses this need is Islet.

What is Confidential Computing?

Confidential computing is a security paradigm that aims to protect data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). This approach ensures that sensitive data remains encrypted and secure even when being processed, mitigating the risk of unauthorized access and tampering.

The Importance of Trusted Firmware

Trusted Firmware is the cornerstone of Confidential Computing, providing the essential security features and isolation needed to establish a trusted execution environment. Unlike regular firmware, Trusted Firmware includes mechanisms for secure boot, cryptographic verification, and hardware-based isolation of secure and non-secure execution environments. To understand more on this topic, view our blog on Trusted Firmware. 

Islet: A Platform for On-Device Confidential Computing

Islet is an open-source project designed to enable Confidential Computing on Arm devices using the Armv9 Confidential Compute Architecture (CCA). Its primary objective is to provide a secure platform for on-device Confidential Computing, thereby protecting user privacy and enabling secure processing of sensitive data directly on end-user devices. Islet is implemented in the Rust programming language and relies on Rust’s memory-safety guarantees to build a robust and secure environment.

Key Features of Islet

  1. Realm Management Monitor (RMM):
    • Operates at EL2 in the Realm world on the application processor cores.
    • Manages confidential virtual machines (VMs), known as realms, ensuring their secure execution.
    • Islet RMM complies with Arm’s platform ABI specifications, which lets Islet integrate seamlessly with the Arm ecosystem and supports the Linux and KVM patches for Arm CCA.
  2. Hardware Enforced Security (HES):
    • Performs device boot measurement and generates platform attestation reports.
    • Manages sealing key functionality within a secure hardware IP separate from the main application processor.
  3. Automated Verification:
    • Incorporates formal verification techniques to enhance the security of Islet, ensuring robustness against various attack vectors.
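As an added illustration (not Islet’s own code; the real HES signs reports with a hardware-held key under the measurement scheme Arm CCA defines), the following Python sketch shows what “boot measurement” and an “attestation report” mean in practice: each boot component’s hash is folded into a measurement register, the HES issues a report over that measurement and a verifier-supplied nonce, and the verifier checks authenticity, freshness and the expected golden value. The component images, key and nonce are constructed sample values, and an HMAC stands in for the hardware signature.

```python
import hashlib
import hmac

# Constructed sample boot chain: (component name, component image bytes).
BOOT_CHAIN = [
    ("bl2", b"constructed-bl2-image"),
    ("rmm", b"constructed-rmm-image"),
    ("realm-kernel", b"constructed-realm-kernel-image"),
]

# Constructed device key held by the HES (assumption: an HMAC key stands in
# for the asymmetric signing key a real secure hardware IP would use).
HES_KEY = b"constructed-hes-attestation-key"


def measure_boot(chain):
    """Extend a SHA-256 measurement register over each component, PCR style:
    reg = H(reg || H(image)). Returns (final measurement, per-stage log)."""
    reg = bytes(32)
    log = []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        reg = hashlib.sha256(reg + digest).digest()
        log.append((name, digest.hex()))
    return reg, log


def attestation_report(measurement, nonce, key=HES_KEY):
    """HES side: bind the measurement to the verifier's nonce and authenticate it."""
    tag = hmac.new(key, measurement + nonce, hashlib.sha256).digest()
    return {"measurement": measurement, "nonce": nonce, "tag": tag}


def verify_report(report, expected_measurement, nonce, key=HES_KEY):
    """Verifier side: check authenticity, then freshness, then the golden value.
    Returns (ok, reason) so the caller can log why a device was rejected."""
    expected_tag = hmac.new(key, report["measurement"] + report["nonce"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, report["tag"]):
        return False, "bad signature"
    if not hmac.compare_digest(report["nonce"], nonce):
        return False, "stale or replayed report"
    if not hmac.compare_digest(report["measurement"], expected_measurement):
        return False, "measurement mismatch"
    return True, "ok"
```

The golden measurement is computed by running `measure_boot` over the images the verifier expects, so any change to a boot component, a replayed report, or a report whose measurement was altered after signing is rejected with a distinct reason.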

Use Case: Confidential Machine Learning

Islet showcases its capabilities through a confidential machine learning demo. In this scenario, a mobile device user interacts with a chat-bot application that runs on Islet. The chat-bot processes the request and communicates with an ML server through a secure channel, demonstrating end-to-end confidential computing. This use case highlights Islet’s potential in enabling secure and private machine-to-machine computing without relying on server-side intervention.

Why End-User Devices Need Confidential Computing

While traditional confidential computing solutions focus on server-side protection, securing end-user devices is equally important for several reasons:

  1. Initial Data Collection:
    • Sensitive data collection often begins at the user device level, making it crucial to protect this data from the outset.
  2. Privacy Apps:
    • As users increasingly rely on privacy-focused applications such as secure messengers, password managers, and private browsers, ensuring the confidentiality of data on these devices becomes essential.
  3. End-to-End Security:
    • By enabling confidential computing on user devices, Islet helps establish end-to-end security throughout the entire data processing path, from collection to computation.
  4. Machine-to-Machine Computing:
    • On-device confidential computing facilitates secure machine-to-machine communication, reducing the need for server intervention and enhancing overall security.

Conclusion

Confidential computing is not just for servers and data centers; it is equally critical for end-user devices. Projects like Islet within the Confidential Computing Consortium exemplify the application of Trusted Firmware principles to secure user devices. By providing a robust platform for on-device confidential computing, Islet ensures the privacy and security of sensitive data, paving the way for more secure and private user experiences.

For more information on Islet and its capabilities, visit the Islet GitHub repository.

Understanding Trusted Firmware in Confidential Computing: Coconut SVSM and VirTEE 


Author:  Sal Kimmich

Trusted Firmware serves as the foundational layer in confidential computing, ensuring that the hardware and software environment’s security and integrity are maintained. Unlike regular firmware, Trusted Firmware is designed with additional security features and responsibilities to establish a Trusted Execution Environment (TEE). Here’s a deeper dive into what makes Trusted Firmware different and its role in confidential computing.


Differences Between Trusted Firmware and Regular Firmware

  1. Enhanced Security Features:
    • Regular Firmware: Primarily focuses on initializing hardware components and providing basic services to the operating system.
    • Trusted Firmware: Includes enhanced security features such as cryptographic verification of firmware components, secure boot, and mechanisms to enforce hardware-based isolation of secure and non-secure execution environments.
  2. Isolation and Trust:
    • Regular Firmware: Does not inherently provide mechanisms to isolate critical operations or sensitive data from the rest of the system.
    • Trusted Firmware: Establishes a TEE, isolating sensitive operations from the general-purpose operating system and protecting them from potential threats and unauthorized access.
  3. Responsibility and Scope:
    • Regular Firmware: Manages standard hardware initialization and operational tasks.
    • Trusted Firmware: Manages secure initialization of hardware features, authenticates and validates software components, and provides a secure execution environment for critical tasks.

Why Trusted Firmware is Necessary

Trusted Firmware is crucial for confidential computing because it provides a secure foundation that prevents unauthorized access and tampering. Here’s why Trusted Firmware is needed and how it differs from the regular OS and firmware:

Need for Trusted OS:

  • Purpose: To prevent resources from being accessed directly by the generalist OS running concurrently with it, such as preventing a user with root privileges from accessing sensitive resources.
  • Security: The Trusted OS operates with higher privileges and tighter security controls, ensuring that critical operations and data are protected even if the general OS is compromised.

Differences from Normal OS:

  • Size and Scope: The Trusted OS is designed to be small and secure, running with higher privileges than the general OS. For instance, in an Armv8-A system, parts of the Trusted OS run at EL3 (highest privilege), while a hypervisor runs at EL2, and Linux at EL1.
  • Purpose: The Trusted OS is not meant to replace the general OS like Linux, which is extensive and feature-rich. Instead, it secures specific resources and operations from the general OS.

Security Provided by Trusted OS:

  • Threat Protection: It protects against attempts by users of the general OS to access resources managed by the Trusted OS, including both legitimate and illegitimate access attempts.
  • Mechanism: It uses secure mechanisms, such as the SMC (Secure Monitor Call) instruction, to switch between the general OS and the Trusted OS when necessary to access secure resources.

Switching Between Trusted OS and Normal World:

  • Context Switching: Occurs when code running in the general OS needs to access a resource managed by the Trusted OS, such as decrypting content using a key only accessible by the Trusted OS.
  • Interrupt Handling: Hardware interrupts may also trigger a switch to the Trusted OS, allowing safe handling of interrupts within the TEE context.

Example Projects

COCONUT Secure VM Service Module (SVSM)

The COCONUT Secure VM Service Module (SVSM) exemplifies Trusted Firmware in confidential computing by providing secure services and device emulations for Confidential Virtual Machines (CVMs). Key features include:

  • Integration with AMD SEV-SNP: Utilizes AMD’s Secure Encrypted Virtualization with Secure Nested Paging, including the VM Privilege Level feature, to ensure robust hardware-based security.
  • Secure Boot and Authentication: Ensures a secure boot process and component authentication, maintaining a trusted execution path from the firmware to the CVM.

VirTEE

VirTEE is another project that demonstrates the application of Trusted Firmware principles. It focuses on:

  • Open Community Development: Collaborative development of tools for TEE bring-up, attestation, and management, supporting a wide range of virtualization platforms.
  • Support for Multiple Technologies: Includes tools and libraries for AMD SEV, SEV-SNP, and Intel TDX, providing comprehensive support for secure virtualization across different hardware platforms.

Discover more about VirTEE via their project repository. 

Conclusion

Trusted Firmware is essential for establishing and maintaining secure and reliable confidential computing environments. It provides enhanced security features, isolation, and trust mechanisms that are not present in regular firmware. Projects like COCONUT-SVSM and VirTEE illustrate the practical application of Trusted Firmware principles, showcasing robust frameworks for secure virtualized environments and cross-platform confidential computing. These projects ensure the integrity and confidentiality of sensitive data and operations, advancing the field of secure computing.

Exciting News: New Start-up Membership Tier from the Confidential Computing Consortium


The Confidential Computing Consortium (CCC) is thrilled to announce the launch of a new membership tier tailored specifically for start-ups.  This initiative is designed to empower emerging companies by offering them a unique opportunity to join the CCC community free of charge for the first 12 months. Here’s everything you need to know about this fantastic new offer.

Why This Matters

Confidential Computing is transforming data protection and processing. By using hardware-based techniques to isolate sensitive data, it ensures security even during processing. As the field evolves, collaboration and innovation are essential to keep up with advancements. The CCC plays a pivotal role by uniting industry leaders, researchers, and innovators to drive the future of secure computing.

What is the CCC?

The Confidential Computing Consortium (CCC) unites hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards. As a project community within the Linux Foundation, the CCC is dedicated to defining and promoting Confidential Computing through open governance and collaboration. This initiative includes commitments from numerous member organizations and contributions from several open-source projects, following the successful model of other ambitious efforts.

Introducing the Start-up Membership Tier

We understand the unique challenges that start-ups face, from limited resources to the need for rapid innovation. To support these dynamic enterprises, the CCC has introduced a Start-up Membership Tier, providing eligible start-ups with complimentary membership for their first year. This new tier aims to foster innovation and collaboration among the next generation of leaders in Confidential Computing.

Benefits of Joining

By becoming a CCC member, start-ups gain access to a wealth of resources, including:

  • Collaborative Opportunities: Connect with leading companies, researchers, and developers in the field of Confidential Computing.
  • Educational Resources: Access cutting-edge research, training materials, and industry insights to stay ahead of the curve.
  • Networking: Participate in exclusive events, workshops, and forums to share ideas and explore potential partnerships.
  • Influence and Visibility: Contribute to the direction of Confidential Computing standards and gain visibility within the industry.

Eligibility Criteria

To qualify for this exciting new membership tier, start-ups must meet the following criteria:

  • Current Member of the Linux Foundation: Your organization must already be a part of the Linux Foundation community.
  • Employee Count: Your organization must have fewer than 100 employees.

How to Apply

Applying for the Start-up Membership Tier is simple! If your start-up meets the eligibility criteria, you can submit your application through the CCC website. Once approved, your start-up will enjoy a full year of membership benefits without any fees.

Join Us in Shaping the Future

This is a remarkable opportunity for start-ups to engage with the forefront of Confidential Computing technology. We invite all eligible start-ups to take advantage of this offer and join us in shaping the future of secure, private computing.

For more details and to apply, visit the Confidential Computing Consortium website.

Let’s innovate, collaborate, and shape the future of Confidential Computing together.

Stay connected with the CCC community by following us on X, LinkedIn, and GitHub.