Arm elaborates on Armv9’s CCA for confidential compute
Earlier this year, Arm introduced the Armv9 architecture. A key feature of this architecture, the Arm Confidential Compute Architecture (Arm CCA) was not fully divulged at the launch.
Confidential computing changes the traditional trust relationship between applications and supervisors by removing the supervisor’s right to access the resources used by the application, while retaining the right to manage them. Removing that right of access is critical because cloud systems can be running payloads from many different customers, and mobile devices can contain both personal and business information, from medical data to company emails.
Currently, applications and virtual machines place huge amounts of trust in the supervisor software (kernels or hypervisors) that manage them. Supervisors can access the resources used by applications for their program code and data. Exploits against supervisors can therefore leak confidential data or algorithms held in the applications.
Arm CCA extends workload isolation to enable a provider to shift from a position where service providers will not access customer data, to one where they cannot access customer data. This reduces the volume of software that must be trusted, the attack surface for hackers, and the potential for customer data or algorithm breaches. Arm CCA introduces the Realm computing environment which protects the data and code, even when in use.
Included in the Arm CCA is the Realm Management Extension (RME), which redefines the hardware architecture for Realms. There is also Dynamic TrustZone technology, an extension to TrustZone enabled by RME. It removes the need to dedicate memory to TrustZone, allowing TrustZone to be used for applications with large and dynamic memory footprints.
On the software and firmware side, Arm is collaborating with OS vendors and industry bodies to define standard interfaces for interacting with RME firmware: a Realm Management Monitor (RMM) and extensions to the Monitor, which together provide an architecture for Realms.
Arm is working with open-source projects such as trustedfirmware.org to provide standard implementations of Arm CCA firmware, and creating new projects for confidential computing such as project Veraison, which will deliver open-source software for constructing attestation verification services.
The code or data of a Realm is situated in memory that is assigned to that Realm, and any attempted access of that memory from the supervisory software that created the Realm (kernel or hypervisor), or by TrustZone code, other Realms or devices not trusted by the Realm, is blocked and results in a faulting exception. To enable this, a new data structure has been added to the architecture – the Granule Protection Table. This structure tracks whether a page is to be used for Realms, TrustZone or for the normal world, where existing applications, kernel, or a hypervisor conventionally run. The hardware checks this table upon every access and blocks any that are illegal. A hypervisor or kernel can indirectly update this table, allowing pages to migrate between normal world use and Realms, or even between normal world use and TrustZone use. Memory resources can therefore be moved dynamically among the different security environments.
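To make the access rule concrete, here is an added example (not Arm's code, and not the real GPT encoding) that models the Granule Protection Table as a per-granule world tag, with the hardware-style access check and the migration rule the article describes. The policy that Realm and TrustZone code may still read normal-world memory, and the granule and Realm identifiers, are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a Granule Protection Table (GPT): every granule of
 * physical memory is tagged with the world that currently owns it.
 * This is an illustrative model, not Arm's table format. */
enum world { WORLD_NORMAL, WORLD_SECURE, WORLD_REALM };

#define NUM_GRANULES 8

struct granule {
    enum world pas;     /* physical address space the granule is assigned to */
    uint32_t realm_id;  /* owning Realm when pas == WORLD_REALM (assumed field) */
};

/* Zero-initialised: every granule starts out as normal-world memory. */
static struct granule gpt[NUM_GRANULES];

/* Access check performed on every access. Returns true when permitted,
 * false when the access would raise a granule protection fault.
 * Assumed policy: a world may touch its own granules and normal-world memory;
 * a Realm granule is additionally private to the Realm that owns it. */
bool gpt_check(size_t g, enum world accessor, uint32_t accessor_realm)
{
    if (g >= NUM_GRANULES) return false;
    const struct granule *gr = &gpt[g];
    if (gr->pas == WORLD_NORMAL) return true;    /* normal world: visible to all */
    if (gr->pas != accessor) return false;       /* hypervisor/TrustZone/device fault */
    if (gr->pas == WORLD_REALM && gr->realm_id != accessor_realm)
        return false;                            /* another Realm is blocked too */
    return true;
}

/* Migration, requested indirectly by the hypervisor or kernel. Following the
 * article, a granule moves only normal <-> Realm or normal <-> TrustZone;
 * a direct Realm <-> TrustZone move is rejected. */
bool gpt_transition(size_t g, enum world to, uint32_t realm_id)
{
    if (g >= NUM_GRANULES) return false;
    struct granule *gr = &gpt[g];
    if (gr->pas != WORLD_NORMAL && to != WORLD_NORMAL) return false;
    gr->pas = to;
    gr->realm_id = (to == WORLD_REALM) ? realm_id : 0;
    return true;
}
```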
Arm CCA is going to provide the next layer of security required everywhere computing happens. In the data centre, providers can use it to take more infrastructure out of the data path to reduce the risk of a breach while tenants can migrate ever more sensitive workloads away from on-premises systems and into the cloud.
Arm predicts that soon, 100 per cent of the world’s shared data will be processed on Arm, whether at the endpoint, in the data networks or in the cloud. Arm’s vision for Arm CCA is to protect all data and code wherever computing happens, while empowering developers to implement strong privacy controls.