Organized by the Confidential Computing Consortium and Opaque, Confidential Computing Summit (CCS) is a conference that brings together a community of actors working in the field of confidential computing. Its goal is to promote the collaboration and dialog between HW vendors, cloud providers and software developers to drive forward the technology while embracing open collaboration. Linaro has been active in the area of confidential computing for over two years and took part in the event to bring awareness to the solution it is putting forward.
In cooperation with Arm and other community members, Linaro has worked to support confidential computing on Arm platforms. The end result is a stack that is based on open source projects that include QEMU, Trusted Firmware-A, EDK2, the Linux kernel, Kata Containers and Confidential Containers (CoCo). It runs on QEMU v8.1 along with Arm’s Fixed Virtual Platform (FVP) emulator. Where to get, build and run the solution is available in this document. We encourage interested parties to try the stack in their environment and take advantage of the public verification service hosted by Linaro. It is provided to exercise an end-to-end scenario where all elements, from firmware to verification, are open and reproducible.
Linaro at Confidential Computing Summit
A significant portion of the conference was devoted to generative Artificial Intelligence, which is currently the main driver of confidential computing demand. Companies and researchers investing massive amounts of resources in the design, training and deployment of AI models are looking to safeguard their assets by relying on cloud infrastructures that offer security and confidentiality guarantees. Other entities such as financial and government organizations are using confidential computing to address the stringent regulations inherent to hosting and manipulating data in a cloud environment. Moving to cloud based computing is also profitable - Mark Russinovich, Chief Technology Officer for Microsoft Azure, reported that Microsoft handled 25 billions dollars worth of transactions on its Azure infrastructure using the support of confidential computing.
True to its core values, Linaro’s two main presentations were related to supporting confidential computing on Arm using open source software. The first session was hosted by Leonardo Garcia and Mathieu Poirier. It presented the joint efforts between Linaro, Arm and other community members to provide a complete software stack to support Arm’s Confidential Computing Architecture. They introduced the different components used to build their solution, gave an overview of where the project currently stands and concluded with a roadmap for the coming months. The second session was headed by Thomas Fossati and fellow Arm employee Mathias Brossard. They talked about the work they have done to integrate Confidential Containers (CoCo) with the CCA Architecture, the attestation service responsible for validating it and an end-to-end demonstration of the entire solution. More specifically, they presented the Rust crate they developed allowing CoCo to gather, verify and appraise attestation evidence. They also talked about how CoCo’s attestation service was integrated with Veraison, an open source attestation verifier. Lastly, Fossati stepped in on another presentation related to the integration of remote attestation into TLS to replace a community member that could not attend.
Other Highlights from Confidential Computing Summit
The rapid adoption of confidential computing has given rise to several proprietary solutions, something that is widely seen as a problem that needs to be addressed. In his keynote presentation, Mike Bursell, executive director of the Confidential Computing Consortium, noted the significance of an antitrust environment as a key factor to accelerate the adoption of confidential computing. He also pointed out the importance of open source software from a security, trust and auditability perspective. An overwhelming number of speakers and participants have highlighted the need to standardise the confidential environments where workloads execute and the attestation process that guarantees the security aspect of those environments. On the latter front, a presentation from Joe Linscott and Raghuram Yelury was especially noteworthy. They emphasised the importance for users of confidential VMs to assert the trustworthiness of execution environments through the process of remote attestation. They also highlighted that attestation results produced by verifiers should adopt a common standard in order for relying parties to consume them seamlessly.
In hindsight
Attending the 2024 edition of the Confidential Computing Summit was a worthy experience. It allowed Linaro to get a really good understanding of the requirements set forward by the users of confidential computing. It also confirmed the importance for the community to work together to establish open and auditable solutions.
Linaro and Arm have made it possible to start experimenting with Arm confidential computing in cloud environments. The base software infrastructure is currently in place on QEMU and the FVP model, allowing providers to integrate CCA with their current use cases. A proof of concept verifier is also available to help exercise end-to-end scenarios. We encourage people to try our solution and keep up to date with the latest developments on the document page as new features are added regularly. Comments, feedback and code are also welcome.