We’re excited to announce that Xilinx recently joined the Confidential Computing Consortium (CCC) to help drive the effort to extend Confidential Computing into accelerators and SmartNICs. Before we dive into why we joined the consortium, we should explain what Confidential Computing is and which companies make up the Confidential Computing Consortium.
Like matter, data exists in three states: at rest, in transit, and in use. Over the past few decades, standards groups and technology companies have applied security to the first two, largely in reaction to attacks. Security often involves encryption: data in transit is protected by protocols such as SSL, TLS, and IPsec, while data at rest was secured first by encrypting individual files, then logical volumes, and later whole physical drives, today typically with algorithms like AES-XTS. Attackers, however, are rarely content with off-the-shelf tools; they pride themselves on discovering new ways to exploit systems. There are even dark web sites where they brag about new methods for compromising systems and sometimes share their work. Attackers examined code that had not been touched in decades and found the Shellshock bug in Bash. Next they explored architectural elements of the system, such as memory, and produced Meltdown, a hardware vulnerability that lets an unprivileged process read kernel memory by exploiting out-of-order execution. They then tore through the CPU and found they could abuse speculative execution by mistraining branch prediction, resulting in the Spectre vulnerability affecting most modern microprocessors. These last two attacks showed that data which is encrypted on disk and on the wire can still be exposed while it sits in memory or is being processed by the CPU. This is where Confidential Computing comes in.
Confidential Computing seeks to secure data in memory, traveling to and from the host CPU, and finally, during execution on the host CPU. It does this by creating a hardware-based trusted execution environment (TEE). Last spring, the Linux Foundation recognized that the extensive reliance on public clouds demanded a more holistic approach to security, and so it launched the Confidential Computing Consortium. The Premier members are Accenture, Ant Group, ARM, Facebook, Google, Huawei, Intel, Microsoft, and Red Hat. There are over a dozen General members, including companies like AMD, NVIDIA, and VMware.
Confidential Computing can be achieved by assembling a TEE entirely in hardware. The three major CPU platform vendors, Intel, AMD, and ARM, all support a TEE: Intel has produced Software Guard Extensions (SGX), AMD offers Secure Encrypted Virtualization (SEV), and ARM has TrustZone. Developers can leverage these TEE platforms; however, each is different in both programming model and trust boundary. SGX isolates a portion of a single application in an enclave, SEV encrypts the memory of an entire virtual machine so that the hypervisor cannot read it, and TrustZone partitions a system into a secure world and a normal world. Code written for SGX will therefore not work on an AMD processor. So, where does Xilinx fit in? Our objective is to understand how we can extend a TEE into an accelerator card, or provide a method to securely hand off data and code between a host TEE and one executing within the accelerator card.
At this point, our Data Center Group (DCG) is exploring two paths. The first runs through our strong alliance with AMD: we are exploring SEV to better understand how it might map to DCG’s future accelerator product plans. The second path involves our licensing of ARM core designs, which are included in many of our chips to handle control plane tasks. ARM has several other research projects underway that it has proposed to the CCC, which extend TrustZone in ways that might make it much easier for us to secure an accelerator card’s execution environment. We have already begun discussions with the ARM team and hope to learn more over the coming months as we formulate our security plans for the future.
We believe the contributions of the CCC will bring significant advances to the industry, furthering the acceleration of data center solutions with computational trust and security for next-generation cloud and edge computing.