logo
allArticlesConferencesPresentations

Introducing IO Devices into Trusted Execution Environments

Conference:  Linux Security Summit Europe 2022

2022-09-16

Authors:   Jun Nakajima

Summary

The presentation discusses the inclusion of IO devices into Trusted Execution Environments (TEE) and the software changes required to support it.
  • Current IO virtualization technologies for TEEs have limitations and incur significant performance overhead
  • Direct access to hardware IO devices in VMs requires hardware support such as MMIO and DMA remapping capability
  • Devices and VMs need to be trusted for protection and isolation
  • Intel TDX architecture supports direct assignment and establishment of trust between TDI and TDS
  • Software changes are required for Intel TDX in support of TEIO
  • High-level software flows and new functionality enable Intel TDX support in TEEs
Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) such as Intel SGX or Intel’s upcoming Trust Domain Extensions (Intel TDX). However, PCIe-attached devices are outside the TEE’s trust boundary and not allowed to read/write confidential memory, resulting in additional latency and overhead that negatively impacts application performance. The presentation focuses on the security and software changes required to support IO in trusted execution environments, including the use of Intel TDX architecture to establish trust between TDI and TDS and enable direct assignment of IO devices.

Abstract

Confidential computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) such as Intel SGX or Intel’s upcoming Trust Domain Extensions (Intel TDX). Today, PCIe-attached devices are outside the TEE’s trust boundary and not allowed to read/write confidential memory. This limitation requires TEE VMs to stage the data sent or received from devices in a shared memory buffer accessible to the TEE, IO device and VMM. Further, to protect the confidentiality and integrity of data in the buffer, the data must be encrypted by the sender (either the IO device or TEE VM), transferred to the shared buffer, then decrypted by the receiving entity using software-based encryption/decryption. This process results in additional latency and overhead that negatively impacts application performance. This presentation will focus on security and software changes required to support IO in trusted execution environments. The software requirements for TEE VMs to securely use a device in the Trusted Computing Base with DMA operations against confidential memory using encryption/decryption will be discussed.
Materials:
Slides
Tags:
Confidential computing
Trusted Execution Environment
Intel SGX
Trust Domain Extensions
PCIe

Post a comment

Related work

Trust No One: Bringing Confidential Computing to Containers

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Samuel Ortiz, Eric Ernst

Device Attestation in Hardware TEE based Confidential Computing

Conference:  Linux Security Summit Europe 2022
Authors: Jiewen Yao, Jun Nakajima
2022-09-15

State of Intel SGX in Linux

Conference:  Linux Security Summit Europe 2022
Authors: Roman Volosatovs, Jarkko Sakkinen
2022-09-16

AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Conference:  Black Hat USA 2022
Authors:
2022-08-10

Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Robert Ficcaglia
2022-05-20

When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security

Conference:  BlackHat USA 2020
Authors:
2020-08-06