Confidential Computing 101
Introduction

The widespread usage of sensitive private data across various applications, including domains such as advertising and healthcare, has prompted growing concerns regarding data privacy within the realm of computational processes. A notable trend is the migration of these applications to commodity cloud providers. In this context, data and computational tasks may be encapsulated within virtual machines (VMs) hosted on shared cloud hardware. The isolation of VMs hinges upon the operation of a hypervisor, which is employed to ensure the safeguarding of applications and their associated data within the VMs.

However, this reliance on software stacks introduces a need for applications to trust the underlying system software, encompassing hypervisors and operating systems (OSes). Despite their intended role in protecting applications and their private data, the extensive codebases of these hypervisors and OSes harbor vulnerabilities that pose risks to data integrity and confidentiality. Of particular concern are security vulnerabilities in system software at higher privilege levels, which possess the ability to access application data.

In response to this challenge, the Arm Confidential Compute Architecture (Arm CCA) offers a solution in the form of Realms. Realms represent secure execution environments that remain opaque to privileged but untrusted system software such as OSes and hypervisors. Arm CCA preserves the capability of existing system software to manage hardware resources for Realms, while preventing any breaches of Realm confidentiality and integrity. For instance, Arm CCA permits a hypervisor to allocate or free memory within a Realm VM dynamically, yet restricts access to the sensitive memory contents of that Realm VM. Arm CCA ensures the confidentiality and integrity of active Realm code and data – specifically data within CPU registers and memory – while not extending guarantees regarding their availability. Confidentiality ensures that modifications to private Realm data remain concealed from other Realms or untrusted system software. Integrity guarantees that a Realm will solely perceive modifications to its private data that it has initiated.

To minimize hardware complexity, Arm CCA focuses on introducing core hardware mechanisms for attestation and rudimentary address space protection. The management of these mechanisms is entrusted to firmware. In particular, Arm CCA leverages a feature within the Arm architecture termed the Realm Management Extension (RME). RME introduces a new physical address space named Realm world, which is orthogonal to privilege levels and independent of the prevailing Non-Secure (NS) world utilized for running software stacks. In both worlds, the conventional privilege levels apply, and instructions maintain their established semantics. Nevertheless, software in the NS world is barred from accessing CPU state and memory utilized by software in the Realm world. To oversee Realms, Arm CCA introduces the Realm Management Monitor (RMM), a novel firmware component functioning at a higher privilege level within the Realm world. This setup permits untrusted system software, such as a hypervisor operating in the NS world, to submit requests to RMM for Realm management tasks, encompassing the creation and execution of Realms. RMM ensures the security of Realms by upholding their confidentiality and integrity while processing these requests. Meanwhile, system software in the NS world remains responsible for the comprehensive management of hardware resource allocation to Realms, encompassing tasks like memory allocation and CPU scheduling.
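The two paragraphs above describe a single division of labour: the NS-world hypervisor manages Realm memory (allocates and frees it), the RMM honours those requests, and the hardware's world separation stops NS-world software from reading or writing what a Realm has placed in that memory. The following Python model is an added example written for this page, not code from Arm or from the RMM project. It is deliberately simplified: memory is a list of fixed-size granules tagged with the world they belong to, the RMM and the hardware check live in one class, and the operation names (`rmi_granule_delegate`, `rmi_data_create`, `rmi_data_destroy`, `rmi_granule_undelegate`) and the access rule (Realm world may use Realm and NS granules, NS world may use only NS granules) are assumptions chosen to illustrate the text, not the real RMI specification.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class World(Enum):
    NS = "non-secure"
    REALM = "realm"


class AccessFault(Exception):
    """Granule protection fault: an access crossed a world boundary it must not."""


@dataclass
class Granule:
    world: World = World.NS
    owner: Optional[str] = None   # name of the Realm this granule is mapped into
    content: bytes = b""


class Platform:
    """Hardware granule check plus a minimal RMM, kept in one object for brevity."""

    def __init__(self, n_granules: int) -> None:
        self.granules = [Granule() for _ in range(n_granules)]
        self.faults: list[str] = []

    # Hardware side: every load/store passes through the world check.
    def access(self, caller: World, idx: int, write: Optional[bytes] = None) -> bytes:
        g = self.granules[idx]
        # Modelled rule (assumption): NS-world software can never touch a
        # Realm-world granule; Realm-world software may use Realm granules and
        # shared NS granules.
        if caller is World.NS and g.world is World.REALM:
            self.faults.append(f"granule {idx}: NS access to Realm memory")
            raise AccessFault(idx)
        if write is not None:
            g.content = write
        return g.content

    # RMM side: management requests from the NS hypervisor. None of these
    # return or accept Realm data; they only move granules between worlds.
    def rmi_granule_delegate(self, idx: int) -> None:
        g = self.granules[idx]
        if g.world is not World.NS:
            raise ValueError("granule is not in the NS world")
        g.content = b""          # scrub stale NS data before a Realm can see it
        g.world = World.REALM

    def rmi_data_create(self, realm: str, idx: int) -> None:
        g = self.granules[idx]
        if g.world is not World.REALM or g.owner is not None:
            raise ValueError("granule must be delegated and unassigned")
        g.owner = realm

    def rmi_data_destroy(self, realm: str, idx: int) -> None:
        g = self.granules[idx]
        if g.owner != realm:
            raise ValueError("granule is not mapped into that Realm")
        g.content = b""          # scrub Realm secrets before the granule is freed
        g.owner = None

    def rmi_granule_undelegate(self, idx: int) -> None:
        g = self.granules[idx]
        if g.world is not World.REALM or g.owner is not None:
            raise ValueError("granule still in use by a Realm")
        g.world = World.NS


def run_scenario(p: Platform, idx: int = 2) -> dict:
    """Hypervisor allocates a granule to Realm 'A', the Realm stores a secret,
    the hypervisor tries to read and overwrite it, then frees the granule.
    Returns what each party observed so the invariants can be checked."""
    out = {}
    p.rmi_granule_delegate(idx)
    p.rmi_data_create("A", idx)
    p.access(World.REALM, idx, write=b"realm-secret")        # Realm writes
    out["realm_read"] = p.access(World.REALM, idx)           # Realm reads back
    try:
        p.access(World.NS, idx)                              # hypervisor reads
        out["ns_read_faulted"] = False
    except AccessFault:
        out["ns_read_faulted"] = True
    try:
        p.access(World.NS, idx, write=b"tampered")           # hypervisor writes
        out["ns_write_faulted"] = False
    except AccessFault:
        out["ns_write_faulted"] = True
    out["realm_read_after_ns_write"] = p.access(World.REALM, idx)
    p.rmi_data_destroy("A", idx)                             # hypervisor frees
    p.rmi_granule_undelegate(idx)
    out["ns_read_after_free"] = p.access(World.NS, idx)      # NS again, scrubbed
    out["faults"] = list(p.faults)
    return out


if __name__ == "__main__":
    for key, value in run_scenario(Platform(4)).items():
        print(f"{key}: {value}")
```

Running the scenario shows the three properties the text names: the hypervisor can move a granule into and out of a Realm (management works), both of its accesses to the granule while it is in the Realm world fault (confidentiality and integrity hold, and the Realm still reads its own value afterwards), and the granule comes back to the NS world scrubbed, so freeing memory does not leak the secret. Availability is not modelled, matching the text's statement that Arm CCA does not guarantee it.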

RME is an optional feature of the Arm A-Profile architecture, introduced as of Armv9.3-A. The CCA firmware is available as open-source code.

Last updated 11 months ago