Confidential computing: 5 support technologies to explore
Red Hat News, Thursday, June 22,2023
This article is the last in a six-part series (see my previous blog) presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active development in the confidential computing community.
Confidential Computing requires support from the host and guest kernel, the hypervisor, and firmware. At the time of writing, that support is uneven between platforms. Hardware vendors tend to develop and submit relatively large patch series, which can take a number of iterations to get approved.
Among the current active areas of development:
- Host kernel support for SEV-SNP
- Hypervisor, guest, and host support for TDX (and a few ancillary firmware projects)
- Platform support for ARM CCA
The impact this has on the attestation process is primarily the appearance of multiple not-yet-stabilized interfaces to collect measurements about the guest, typically exposed as a /dev entry with a variety of similar but not identical ioctls. This is an area where standardization has not even begun.