One of the biggest challenges in early computing was the management of compute resources, to maximize compute efficiency while providing separation of resources allocated to different programs or users. This gave rise to the timesharing model we mostly use today, where programs run under the control of supervisory software such as a kernel, a hypervisor or both.
Today, in most architectures, that supervisor has full access to the content of a program - such as its code or the data it is processing. That is, the supervisor has both the right to manage resources, and the right to access those resources. This creates a security challenge since developers of programs need to trust that the supervisor will not leak their secrets or tamper with their programs. It creates a trust dependency between software vendors providing applications or business solutions, the software vendors providing computing platforms, and the administrators of those platforms.
Confidential Computing is a paradigm shift that is sweeping across the industry, transforming how we think about the trust model of compute environments. In essence, it changes the traditional trust relationships by removing the supervisor’s right to access the resources, while crucially retaining the right to manage them.
The Arm architecture provides a range of technologies that can be used to prevent a supervisor from accessing resources of less privileged software, such as TrustZone® and Secure and Non-secure virtualization. In March 2021, we announced the Arm Confidential Compute Architecture, or Arm CCA, a key component of the Armv9-A architecture. Arm CCA encompasses the latest enhancements to Arm’s support for confidential computing in Armv9-A. Our vision for Arm CCA is to protect all data and code wherever the computing happens – unlocking the power and potential of data and AI, while simultaneously empowering developers to implement strong privacy controls.
Removing that right of access is important. The devices we use today, whether personal or in the cloud, handle large quantities of confidential data. In a cloud, a given machine can be running payloads from many different customers. Mobile handsets can contain personal information, such as medical data, or business information such as company email. Arm CCA dramatically reduces the need to trust unseen technology within any compute environment. For example, tenants of a typical Infrastructure as a Service (IaaS) product understand that their provider will not access their data. However, they must accept that their data may be accessible to systems and processes that they cannot easily audit. Arm’s confidential compute architecture extends workload isolation to enable a provider to shift further from a position where they will not access customer data to one where they cannot access customer data, thereby reducing the volume of software that must be trusted, the attack surface for hackers, and the potential for customer data breaches.
Today we are providing more details on our progress in this architecture at the Linaro and Arm CCA Tech event and releasing Arm architecture supplements for CCA.
In the Armv8-A architecture, TrustZone and virtualization are the main pillars of secure compute. TrustZone divides the compute into a Secure world, for running trusted applications and trusted operating systems, and the Normal world, for running standard applications and operating systems. Secure world software has access to the Secure physical address space, which cannot be accessed by the Normal world. This isolation protects the trusted applications and Trusted OS. Typically, the memory for the Secure physical address space is carved out statically at boot time. TrustZone works well for platform security use cases, which are limited in number. However, confidential computing aims to allow any third-party developer to protect their VM or application. Therefore, it must be possible at run time to protect any memory associated with a VM or application, without limits or carve-outs. In addition, it is still important to support TrustZone for platform security.
Arm CCA introduces a new kind of confidential compute environment which we call a realm. Any code or data belonging to a realm, whether in memory or in registers, cannot be accessed or modified by:
Attempts by those entities to access a realm’s code, data or register state, are blocked and result in a faulting exception.
Realms run inside a newly introduced realm world, and memory at runtime can be moved between Normal world and realm world, or even between Normal and Secure worlds. This is achieved through a new data structure that has been added to the architecture: the Granule Protection Table (GPT). This structure tracks whether a page is to be used for realm world, Secure world or Normal world. The hardware checks this table on every access and enforces isolation between worlds, blocking accesses that are illegal, such as an access from a hypervisor to a realm world page. Within a world, translation tables provide further isolation; this is how realms are isolated from each other. A hypervisor or kernel can indirectly update the GPT, allowing pages to migrate between Normal world use and realm use, or even between Normal world use and TrustZone use. Memory is encrypted and scrubbed to ensure its contents cannot be accessed by successive users. This ability to dynamically move memory resources among different security environments is a key change in the architecture.
Hypervisors and kernels manage resources, mainly processor cycles and memory, much in the same way they do for VMs and processes today. Supervisory software still needs to be able to create and destroy realms, add memory to or remove memory from realms, and schedule realm execution. Policy code that decides when to perform these operations for VMs and processes can be directly reused for realm management. However, the mechanics differ because supervisors are prevented from accessing realm content. These operations require interaction with secure firmware components, which manage the Granule Protection Table, as well as realm translation tables and contexts. Arm CCA aims to standardize the essential firmware interfaces and to make this firmware simple, small, and easy to audit and verify.
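The two paragraphs above describe a lifecycle: a hypervisor asks firmware to move a page into realm world, the realm uses it, any hypervisor or Secure world access to it faults, and the page is scrubbed before it returns to Normal world use. The following C program is an added illustration of that lifecycle, not Arm code and not the real GPT encoding: it models the GPT as one entry per granule, the Granule Protection Check as a small access matrix (an assumed simplification: Normal world sees only Non-secure memory, Secure and Realm worlds see their own memory plus Non-secure, and the root firmware sees everything), and the firmware transition service as the only path that edits the table. The granule size, world and address-space names, and the function names are all this example's own.

```c
/* Added example: a software model of a Granule Protection Table (GPT) and the
 * Granule Protection Check (GPC) the hardware performs on every physical access.
 * Not Arm's code; the access matrix is an assumed simplification for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE_SHIFT 12                      /* 4 KiB granules in this model */
#define GRANULE_SIZE  (1u << GRANULE_SHIFT)
#define NUM_GRANULES  4u                      /* model covers 16 KiB of physical memory */

/* Physical address space a granule is assigned to (the GPT entry). */
typedef enum { PAS_NONSECURE = 0, PAS_SECURE, PAS_REALM } pas_t;
/* Security state of the software issuing an access. */
typedef enum { WORLD_NORMAL, WORLD_SECURE, WORLD_REALM, WORLD_ROOT } world_t;

static pas_t   gpt[NUM_GRANULES];                      /* one entry per granule */
static uint8_t phys_mem[NUM_GRANULES * GRANULE_SIZE];  /* backing memory for the model */

/* Granule Protection Check: may world `w` touch a granule assigned to `pas`? */
int gpc_allows(world_t w, pas_t pas)
{
    switch (w) {
    case WORLD_NORMAL: return pas == PAS_NONSECURE;
    case WORLD_SECURE: return pas == PAS_NONSECURE || pas == PAS_SECURE;
    case WORLD_REALM:  return pas == PAS_NONSECURE || pas == PAS_REALM;
    case WORLD_ROOT:   return 1;              /* firmware managing the GPT */
    }
    return 0;
}

static int granule_of(uint64_t pa)
{
    uint64_t g = pa >> GRANULE_SHIFT;
    return g < NUM_GRANULES ? (int)g : -1;
}

/* Read one byte at physical address `pa` on behalf of world `w`.
 * Returns the byte value, or -1 to represent a Granule Protection Fault. */
int mem_read(world_t w, uint64_t pa)
{
    int g = granule_of(pa);
    if (g < 0 || !gpc_allows(w, gpt[g]))
        return -1;                            /* hardware raises a faulting exception */
    return phys_mem[pa];
}

/* Write one byte; returns 0 on success, -1 on Granule Protection Fault. */
int mem_write(world_t w, uint64_t pa, uint8_t value)
{
    int g = granule_of(pa);
    if (g < 0 || !gpc_allows(w, gpt[g]))
        return -1;
    phys_mem[pa] = value;
    return 0;
}

/* Firmware service that moves a granule between physical address spaces.
 * The hypervisor cannot edit the GPT itself; it asks the root firmware, which
 * scrubs the granule before re-assigning it so the next owner sees no residue. */
int gpt_transition(uint64_t pa, pas_t new_pas)
{
    int g = granule_of(pa);
    if (g < 0)
        return -1;
    memset(&phys_mem[(uint64_t)g << GRANULE_SHIFT], 0, GRANULE_SIZE);
    gpt[g] = new_pas;
    return 0;
}

/* Walks the lifecycle from the text on granule 1 and returns how many accesses
 * were blocked (3 expected); returns -1 if returned memory was not scrubbed. */
int realm_lifecycle_faults(void)
{
    int faults = 0;
    const uint64_t pa = 1 * GRANULE_SIZE;           /* granule 1, starts Non-secure */

    gpt_transition(pa, PAS_REALM);                  /* hypervisor delegates page to a realm */
    mem_write(WORLD_REALM, pa, 0x42);               /* realm stores a secret */
    if (mem_read(WORLD_NORMAL, pa) < 0) faults++;   /* hypervisor read: blocked */
    if (mem_write(WORLD_NORMAL, pa, 0) < 0) faults++; /* hypervisor tamper: blocked */
    if (mem_read(WORLD_SECURE, pa) < 0) faults++;   /* Secure world read: blocked too */

    gpt_transition(pa, PAS_NONSECURE);              /* page handed back to Normal world */
    if (mem_read(WORLD_NORMAL, pa) != 0) faults = -1; /* must see zeros, never 0x42 */
    return faults;
}

int main(void)
{
    printf("blocked accesses during realm lifecycle: %d\n", realm_lifecycle_faults());
    return 0;
}
```

The point the model makes is structural rather than numeric: every access path goes through `gpc_allows`, and the only function that changes an entry also scrubs the granule, so a page can change hands at run time without a hypervisor ever being able to read what a realm wrote to it. Real implementations add translation-table isolation within each world and encryption of the memory itself, which this model omits.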
Realm deployment requires provision of a mechanism by which realm code can verify that it is running on a real Arm CCA platform, and that its code and data are valid. Arm CCA supports the generation of platform and realm attestation reports. Arm is working together with key industry partners, including members of the Confidential Compute Consortium, to define the properties of this attestation mechanism. Industry collaboration is crucial so that common approaches to platform authenticity and provenance are used across different form factors and devices. It is very important to ensure that the process of attestation itself does not impinge on user privacy.
The race is on to see whether the first production deployments of Realms will occur in the cloud datacentre, where providers manage workloads from different customers within the same server, or in other segments where workloads also demand stronger protection.
There is a clear trend in datacenters towards confidential computing, which is quickly becoming a must-have feature for cloud processor architectures; in particular, there is a move from a ‘will not access’ model to a ‘cannot access’ model. Cloud providers can use Arm CCA to remove the need to trust their infrastructure, which in turn allows their customers to migrate ever more sensitive workloads away from their on-premise systems.
However, just as other cloud computing is moving to the edge, so will confidential computing. Our mobile and wearable devices now span our personal and work lives, with work and personal data often coexisting on the same devices. Trends like ambient computing are seeking to make interaction with devices far more seamless and tailored to us as individuals. Additionally, the opportunities to improve our health through technology have become clear. However, each of these advances places new pressure on the ability of these devices to protect our data. For example, to progress health services and science we need secure ways to aggregate data anonymously. Smart cities and autonomous vehicles need increased levels of mutual trust, and businesses need to know their data is safe on our personal devices.
In March of this year, we announced Armv9-A, and Arm’s vision for the next decade. Currently there are 180bn-plus Arm-based devices, and we look forward to the ecosystem’s next 300bn chips. We predict a world in which virtually every piece of shared data will, at some point in its lifetime, be processed by an Arm-powered device. Through our efforts in architecture development, we are driving the ‘just right’ balance of standardization that allows efficient use of all the software investments, while enabling our partners to innovate the next generation of devices. Crucially, our Armv9-A architecture and technologies provide the building blocks for the real challenges of the decade ahead, continuing to create trust throughout the network, and defending against the ever-increasing security challenges. Arm CCA is one of the key Armv9-A architectures poised to help the ecosystem unlock the security needed to protect privacy and intellectual property, enabling data and AI to reach their full potential.