Overview: A first look at Realm, the new confidential computing feature in ARMv9.

ARMv9 news is everywhere. ARMv9 is billed as the most significant architectural change in a decade, so let’s take a look at its new confidential computing feature, Realm. (Note: This is a partial translation and personal annotation of Introducing the Confidential Compute Architecture, with images from Anandtech.com.)

Background

Over the past few years, security issues and hardware security vulnerabilities have repeatedly made the news. A series of processor side-channel vulnerabilities, such as Spectre, Meltdown and the side-channel attacks derived from them, point to a need to rethink how security is addressed at the processor architecture level.

Arm wants to solve this problem by redesigning the way sensitive applications work by introducing the Arm Confidential Computing Architecture (Arm CCA).

Summary of highlights

Arm CCA is based on the Armv9 Realm Management Extension (RME), which isolates sensitive applications and their OS inside a Realm. Realm is more versatile than a confidential virtual machine: it supports both a confidential-VM mode and a confidential-OS mode.

High-level design

Arm CCA is based on the Armv9 Realm Management Extension and keeps sensitive applications and their OS isolated in a Realm:

The following points can be concluded from the picture:

1. Non-Secure World, Secure World, and Realm are isolated from each other.

  • The available materials do not explain how this isolation is implemented; it is most likely a hardware-based address-space isolation mechanism.
  • Isolation of Realms has two sides: the rest of the system must be kept out of a Realm, but a sensitive application running in a Realm may itself be a malicious application deployed by a tenant, so the rest of the system must also be isolated from the Realm. In other words, the isolation is two-way.

2. Realm can run OS (or Realm OS for short), meaning that Realm provides high privilege support and can run EL1 privileged software.

  • Realm OS can take many forms:
    ◦ It does not have to be a stripped-down, security-hardened Linux kernel. It could also be a TEE OS designed for Realm, or a LibOS (Enarx, Occlum, Graphene, etc.) evolved from other OS technologies that support confidential computing. However, this TEE OS cannot be a TEE OS built for TrustZone, a point discussed later.
    ◦ A current trend in TEE OS development is to shrink the TCB, reduce the potential attack surface relative to a Rich OS and improve overall security; but there is disagreement on how much business-logic compatibility to provide:
      1) One approach puts security first, ignores compatibility with existing services, and moderately sacrifices performance and compatibility.
      2) The other approach still values compatibility with existing services; if compatibility is given priority, performance and security can be moderately sacrificed.

PS: Unikernel has another chance!

3. EL2 runs Realm Manager, which manages scheduling and resource allocation for the Realm. This can be expected to be supported by the Arm CCA firmware architecture (similar to ATF, or directly extended in ATF).

  • From what we know so far, Realm Manager is a new component from Arm and is about one-tenth the size of a Hypervisor.
  • Realm Manager is much like the SEAM Module in TDX: the processor architecture provides a new operating mode for this module, the module is responsible for the life cycle and resource management of Realms, and it cannot be replaced by other untrusted components in the system.

4. TrustZone is also untrusted from a Realm’s point of view. That is, Realm does not merely address compute-resource isolation as TrustZone does, but goes a step further and isolates sensitive data.
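To make the two-way isolation described in points 1 to 4 concrete, here is an added toy model. It is my own illustration, not Arm’s code, and not how RME actually implements the check (which this post does not describe): every physical page carries a world tag, a Realm reaches only its own pages plus shared non-secure memory, nothing outside a Realm (hypervisor, TrustZone, another Realm) reaches into it, and only the Realm Manager moves pages across the boundary, scrubbing them on every transition. All class and function names and the sample page contents are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class World(Enum):
    NON_SECURE = "non-secure"  # Rich OS and hypervisor
    SECURE = "secure"          # TrustZone
    REALM = "realm"            # Realm world; ownership is tracked per Realm


class AccessDenied(Exception):
    pass


@dataclass
class Page:
    world: World
    realm_id: Optional[int] = None  # set only while a Realm owns the page
    data: bytes = bytes(16)         # toy 16-byte page contents


@dataclass
class Memory:
    """Toy physical memory: every page carries a world tag (plus a Realm id)."""
    pages: Dict[int, Page] = field(default_factory=dict)

    def _check(self, pfn: int, world: World, realm_id: Optional[int]) -> Page:
        page = self.pages[pfn]
        if page.world is World.NON_SECURE:
            return page  # non-secure pages are the shared buffers every world may touch
        if page.world is World.SECURE and world is World.SECURE:
            return page
        if page.world is World.REALM and world is World.REALM and page.realm_id == realm_id:
            return page
        raise AccessDenied(f"{world.value}/{realm_id} -> pfn {pfn} "
                           f"owned by {page.world.value}/{page.realm_id}")

    def read(self, pfn: int, world: World, realm_id: Optional[int] = None) -> bytes:
        return self._check(pfn, world, realm_id).data

    def write(self, pfn: int, world: World, data: bytes, realm_id: Optional[int] = None) -> None:
        self._check(pfn, world, realm_id).data = data


class RealmManager:
    """The only component allowed to move pages into or out of a Realm (toy model)."""

    def __init__(self, mem: Memory):
        self.mem = mem
        self._next_id = 1

    def create_realm(self) -> int:
        rid, self._next_id = self._next_id, self._next_id + 1
        return rid

    def delegate(self, pfn: int, realm_id: int) -> None:
        page = self.mem.pages[pfn]
        if page.world is not World.NON_SECURE:
            raise AccessDenied("only non-secure pages can be delegated to a Realm")
        page.data = bytes(len(page.data))  # scrub so no hypervisor residue enters the Realm
        page.world, page.realm_id = World.REALM, realm_id

    def undelegate(self, pfn: int) -> None:
        page = self.mem.pages[pfn]
        if page.world is not World.REALM:
            raise AccessDenied("page is not owned by a Realm")
        page.data = bytes(len(page.data))  # scrub so no Realm secret leaks back to the host
        page.world, page.realm_id = World.NON_SECURE, None


def denied(fn, *args, **kwargs) -> bool:
    """True when the access is refused by the world check."""
    try:
        fn(*args, **kwargs)
        return False
    except AccessDenied:
        return True


def demo() -> dict:
    """Walk through the two-way isolation from the post; returns each check's outcome."""
    mem = Memory({0: Page(World.NON_SECURE), 1: Page(World.NON_SECURE), 2: Page(World.SECURE)})
    rmm = RealmManager(mem)
    realm_a, realm_b = rmm.create_realm(), rmm.create_realm()

    mem.write(1, World.NON_SECURE, b"hypervisor data!")  # constructed host contents
    rmm.delegate(1, realm_a)
    scrubbed_on_entry = mem.read(1, World.REALM, realm_a) == bytes(16)
    mem.write(1, World.REALM, b"realm a secret!!", realm_id=realm_a)

    results = {
        "scrubbed_on_entry": scrubbed_on_entry,
        "host_blocked": denied(mem.read, 1, World.NON_SECURE),                 # hypervisor -> Realm A
        "trustzone_blocked": denied(mem.read, 1, World.SECURE),                # TrustZone -> Realm A
        "other_realm_blocked": denied(mem.read, 1, World.REALM, realm_b),      # Realm B -> Realm A
        "realm_to_secure_blocked": denied(mem.read, 2, World.REALM, realm_a),  # Realm A -> TrustZone
        "shared_page_ok": mem.read(0, World.REALM, realm_a) == mem.read(0, World.NON_SECURE),
    }
    rmm.undelegate(1)
    results["scrubbed_on_exit"] = mem.read(1, World.NON_SECURE) == bytes(16)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The scrub on delegate and undelegate is what makes the isolation two-way in practice: without it, a page handed to a Realm could carry host data in, and a page returned to the host could carry Realm secrets out, even though the tag check itself never fails.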

Security threat model

This diagram illustrates Realm’s security threat model, which is typical of confidential computing:

The following points can be summarized from this figure:

1. The Hardware manufacturer here refers to the peripheral hardware device manufacturer, not the processor hardware manufacturer (such as Arm or the SoC vendor).
2. Realm Manager is not part of a Realm, but it is part of the user’s TCB.

Usage

Because it can run a full OS, Realm looks similar to TDX’s Trust Domain and to SEV/CSV confidential virtual machines, but the following uses show that Realm is more general than a confidential virtual machine:

The following points can be concluded from the picture:

1. A TEE OS in TrustZone is not a generic OS but is deeply customized for TrustZone. Therefore, a TEE OS cannot be loaded into a Realm and run directly, which breaks the assumption that Realm would iterate on the TrustZone architecture. However, an OP-TEE compatible TA can run in a Realm as long as the Realm OS supports OP-TEE’s TA API. In other words, this chart may indicate that Arm will provide TA support in Realm OS next, or it may simply demonstrate compatibility with Realm. It is also possible to run Android apps in a Realm.

2. Realm Manager essentially acts like a Hypervisor managing VMs, except that the objects Realm Manager manages are Realms.

  • When a Realm runs the VM, it can be considered that the Hypervisor’s security logic is moved to Realm Manager, leaving the non-security logic in the traditional Hypervisor.

Realm is simply a hardware TEE for running sensitive applications. Users of Realm can load sensitive applications and an OS into the Realm via the Realm Manager, or even load an entire virtual machine into the Realm. It is a more general-purpose base for a confidential computing operating environment.

Realm technology not only reduces how much sensitive applications must be trusted and the cost of adapting them to Realm, but also makes the security of the OS itself transparent to Realm applications (the security of the services a Realm application provides, and of the interfaces exposed by the Realm OS, still matters). In addition, because critical applications can run safely on any CCA-enabled system, whereas companies and enterprises today often require proprietary equipment with licensed software stacks meeting various security compliance requirements, this technology can also reduce users’ security costs.

Points not reflected in slide

Applications in realms can attest Realm Manager to ensure that it is trusted.

Memory encryption. This is a necessary capability for secret computing.

The current documentation does not show how the general-purpose execution capability Realm provides supports interaction between a Realm and IO devices. It is said that Confidential IO is not addressed in Realm 1.0 and may be addressed in the next generation of the technology.
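The attestation point above (applications attesting the Realm Manager) and the threat-model note that the Realm Manager is part of the user’s TCB can be shown with a constructed model. This is an added example, not Arm’s token format or API: the hardware measures whichever manager was actually loaded and signs a token over both the manager measurement and the Realm measurement, and the verifier accepts only a known-good manager, the expected Realm image, and a fresh nonce. An HMAC under a shared key stands in for the asymmetric signature a real attestation key would produce; all class names, keys and sample images are constructed.

```python
import hashlib
import hmac
import json
import secrets
from typing import Set, Tuple


def measure(image: bytes) -> str:
    """Boot-time measurement modelled as a SHA-256 of the loaded image."""
    return hashlib.sha256(image).hexdigest()


def _tag(key: bytes, payload: dict) -> str:
    # HMAC stands in for the asymmetric signature a real attestation key would produce
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Platform:
    """Attester side: hardware plus whichever Realm Manager was loaded (constructed model)."""

    def __init__(self, root_key: bytes, rmm_image: bytes):
        self.root_key = root_key                   # hardware-provisioned; never leaves the SoC
        self.rmm_measurement = measure(rmm_image)  # hardware measures the manager, trusted or not

    def attest(self, realm_image: bytes, nonce: str) -> dict:
        payload = {"rmm": self.rmm_measurement, "realm": measure(realm_image), "nonce": nonce}
        return {"payload": payload, "sig": _tag(self.root_key, payload)}


class Verifier:
    """Relying party: trusts the hardware key and a list of known-good Realm Manager builds."""

    def __init__(self, root_key: bytes, trusted_rmm: Set[str], expected_realm: str):
        self.root_key = root_key
        self.trusted_rmm = trusted_rmm
        self.expected_realm = expected_realm
        self.pending: Set[str] = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(8)  # freshness: ties the token to this request
        self.pending.add(nonce)
        return nonce

    def verify(self, token: dict) -> Tuple[bool, str]:
        payload = token["payload"]
        if not hmac.compare_digest(token["sig"], _tag(self.root_key, payload)):
            return False, "bad signature"
        if payload["nonce"] not in self.pending:
            return False, "stale or unknown nonce"
        self.pending.discard(payload["nonce"])
        if payload["rmm"] not in self.trusted_rmm:
            return False, "untrusted Realm Manager"     # manager replaced by an untrusted component
        if payload["realm"] != self.expected_realm:
            return False, "realm measurement mismatch"  # Realm OS/app is not what we expected
        return True, "ok"


# constructed sample inputs
ROOT_KEY = b"constructed-hardware-root-key"
RMM_V1 = b"constructed Realm Manager image v1"
ROGUE_RMM = b"constructed substitute manager"
REALM_IMAGE = b"constructed Realm OS + app image"


def demo() -> dict:
    """Run the accept case and four reject cases; returns (accepted, reason) per case."""
    verifier = Verifier(ROOT_KEY, {measure(RMM_V1)}, measure(REALM_IMAGE))
    genuine = Platform(ROOT_KEY, RMM_V1)
    rogue = Platform(ROOT_KEY, ROGUE_RMM)

    nonce = verifier.challenge()
    good = genuine.attest(REALM_IMAGE, nonce)
    out = {"genuine": verifier.verify(good)}
    out["replayed"] = verifier.verify(good)  # same token again: nonce already consumed
    out["rogue_manager"] = verifier.verify(rogue.attest(REALM_IMAGE, verifier.challenge()))
    out["tampered_realm"] = verifier.verify(genuine.attest(b"modified", verifier.challenge()))
    forged = rogue.attest(REALM_IMAGE, verifier.challenge())
    forged["payload"]["rmm"] = measure(RMM_V1)  # claim a trusted manager without holding the key
    out["forged"] = verifier.verify(forged)
    return out


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:15s} accepted={ok} ({reason})")
```

The order of checks matters: the signature is verified before any field is trusted, and the nonce is consumed before the measurements are compared, so a replayed token is rejected even when its measurements are still correct. The "rogue_manager" case is the one the post’s threat model cares about: a Realm image that is byte-for-byte right is still refused when the manager underneath it is not on the verifier’s allow list.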

Follow-up

For now, Arm has only given a high-level explanation of how CCA works; more details on exactly how the mechanism operates will be announced later this summer.

Introducing the Confidential Compute Architecture

www.anandtech.com/show/16584/…

About Inclavare Containers

Inclavare is the Latin derivation of Enclave, pronounced [ˈinklɑveə].

Enclave refers to a protected execution environment that provides strong security isolation based on cryptographic algorithms for sensitive and confidential data within it, preventing untrusted entities from accessing users’ digital assets.

Inclavare Containers is an open source container runtime technology stack for confidential computing scenarios, jointly developed by Alibaba Cloud and Intel. It also supports a basic implementation of Enclave remote attestation on heterogeneous nodes, Enclave pooling and multiple types of Enclave Runtime, and serves confidential Kubernetes clusters and confidential containers.


This article is the original content of Aliyun and shall not be reproduced without permission.