📃
Confidential Computing 101
HomeTechnologyTry CC!
  • Welcome
  • Confidential Computing
    • What is Confidential Computing
    • What problems Confidential Computing solves
      • Bare Metal
      • Docker
      • Kubernetes
      • Knative
    • Why Confidential Computing
    • How Confidential Computing works
      • Memory Encryption
      • Workload Attestation
      • Confidential Boot
      • Sealing / Binding
      • Secret Provisioning
    • Technology Overview
    • Cloud Service Providers
  • Technology in depth
    • Intel SGX
      • Getting Started
        • Bare Metal Server Installation
        • Enclave Development Environment
        • Intel SGX SDK Setup
      • Technology
        • 🎭Features
        • 💂Threat Model
        • 🆚Versions
        • 🟦Concepts
          • 🏦Memory Encryption
          • 👮Local and Remote Attestation
          • 🖼️DCAP-Attestation Framework
          • 🔑Secret Key Provisioning
      • enclaive Development Kit
        • 🏢Architecture
        • 🌪️Workflow
        • 🌍Tutorials
          • Azure DCdsv3, DCsv2, or DCsv3 Setup
          • Redis in cK8s
          • MongoDB in cK8s
          • K8s + HashiCorp Vault on Azure DCsv3
      • Vault Remote Attestation Plug-In
        • 🏃‍♂️Initialization
        • 👮Attestation
        • ⚙️Configuration
    • Intel TDX
      • Getting Started
        • Azure
        • AWS
        • GCP
      • Technology
        • History
          • VT
          • TME/MKTME
          • SGX
        • Features
        • Threat Model
        • Concepts
          • Architecture
            • TDX Module
          • Memory Encryption
            • Confidentiality and Integrity
            • Keys and Key Management
          • TD Partitioning
          • DCAP-Attestation
            • Overview
            • Platform Registration
            • Attestation Report
    • AMD SEV
      • Getting Started
        • Azure
        • AWS
        • GCP
      • Technology
        • History
        • Threat Model
        • SME Concepts
          • Use Models
        • SEV-SNP Concepts
          • Features
            • Integrity Threats
            • Reverse Map Table
            • Page Validation
            • Page States
            • Virtual Machine Privilege Levels
            • Interrupt/Exception Protection
            • Trusted Platform Information
            • TCB Versioning
            • VM Launch & Attestation
            • VM Migration
            • Side Channels
          • Use Cases
          • Architecture
            • Encrypted Memory
            • Key Management
          • Software Implications
    • ARM CC
      • Technology
        • Introduction
        • Threat Model
        • Design
        • Comparison
    • Attestation Methods
      • Raw Attestation
      • Raw Attestation with Secure-Boot
      • Raw Attestation with a vTPM
        • AMD Secure VM Service Module and vTPMs
      • Raw Attestation with paravirtualized TPM
  • Resources
    • Youtube
    • Github
    • Products
Powered by GitBook
On this page

Was this helpful?

  1. Technology in depth

Attestation Methods

The different Confidential Computing architectures of the different manufactures are all supporting attestation/remote attestation. The attestation however is realized differently from each manufacturer. In addition the current attestation methods are also getting extended with virtualized Trusted Platform Modules (TPM) in order to enable a wider range of measurements.

The measurements that are being taken through the means of the manufacturer or the TPM are cryptographically sound and capture a snapshot of the systems configuration for the given moment. Through the hardware embedded keys in the TPM or the processor of the CPU manufactures a user can prove that the measurements have been taken through a trusted entity. Interpreting and trusting the results is up to the verifying user.

In order to cover a wide variety of different use cases different attestation methods will be discussed in the chapter. First of all the raw attestation provides the simplest way of measuring the system configuration for a given CPU vendor however due to being a low-level CPU bound implementation not many measurements are being taken. Extending the initial measurements with Secure Boot allows to verify the boot chain with predefined measurements. Adding a vTPM for taking measurements allows the verifier to also verify everything after the Kernel has been launched and attested through earlier measurements from Secure Boot/Vendor Attestation. Last but not least instead of using a vTPM, which has been implemented through vendor specific means, a paravirtualized TPM can be supplied through standard device drivers while providing the same functionality as a vendor specific vTPM.

Last updated 8 months ago

Was this helpful?