使用 OCP 安全启动、认证和 CXL IDE、TSP、DMTF SPDM 规范协调机密计算.pdf

1、Sakul GuptaSr.Principal,MTS Firmware Security Engineer,MicronTechnology Inc.Orchestrating Confidential Compute using OCP Secure Boot,Attestation and CXL IDE,TSP,DMTF SPDM SpecsOrchestrating Confidential Compute using OCP Secure Boot,Attestation and CXL IDE,TSP,DMTF SPDM SpecsSakul GuptaSr.Principal

2、MTS Firmware Security Engineer,Micron Technology Inc.SECURITYCompletes the trifecta of data Protection-while in use via Trusted Execution Environments(TEEs)Ensures confidentiality and integrity,during processingKey enablers:Secure Boot,Attestation,Memory Encryption,Secure CommunicationGoal is to mak

3、e CC ubiquitousMinimize performance hit,for wider and seamless adoptionConfidential Computing,using hardware-based,attested TEEs,protects sensitive data and code against threats during data execution.Confidential Computing,allows the protection of data in use,even against an adversarial platform own

4、er(compromised/malicious cloud manager/system admin)They cannot access the data inside the TEE.They cannot tamper with the execution or memory.This is achieved through:Hardware-based isolation(e.g.,Intel SGX,AMD SEV,CXL TE bits,ARM Realms CCA)Attestation to verify the integrity of the TEE before use

5、.Talking About A Revolution-Confidential Computing!Venn diagram of technologies and their intersection used to protect data-in-useConfidential Computing-protecting data-in-useConfidential Computing Software ComponentsCXL Confidential Compute Reference ArchitectureThe CXL Confidential Compute Referen

6、ce Architecture covers security requirements and behaviors that areneeded to support confidential computing use cases and covers the architectural scope,detecting TSP support,CMA/SPDM,attestation and authentication,memory encryption,transport security,access control,configuration,and Dynamic Capacit