
Orchestrating Confidential Compute using OCP Secure Boot, Attestation and CXL IDE, TSP, DMTF SPDM Specs.pdf

Uploader: 明**** | Document ID: 1011742 | 2025-12-21 | 21 pages | 2.07MB

Sakul Gupta, Sr. Principal, MTS Firmware Security Engineer, Micron Technology Inc.
Orchestrating Confidential Compute using OCP Secure Boot, Attestation and CXL IDE, TSP, DMTF SPDM Specs

SECURITY
Completes the trifecta of data protection: while in use, via Trusted Execution Environments (TEEs).
Ensures confidentiality and integrity during processing.
Key enablers: Secure Boot, Attestation, Memory Encryption, Secure Communication.
Goal is to make CC ubiquitous.
Minimize performance hit, for wider and seamless adoption.

Confidential Computing, using hardware-based, attested TEEs, protects sensitive data and code against threats during data execution.
Confidential Computing allows the protection of data in use, even against an adversarial platform owner (compromised/malicious cloud manager/system admin):
They cannot access the data inside the TEE.
They cannot tamper with the execution or memory.
This is achieved through:
Hardware-based isolation (e.g., Intel SGX, AMD SEV, CXL TE bits, ARM Realms CCA)
Attestation to verify the integrity of the TEE before use.

Talking About A Revolution - Confidential Computing!
Venn diagram of technologies and their intersection used to protect data-in-use.
Confidential Computing - protecting data-in-use.
Confidential Computing Software Components.

CXL Confidential Compute Reference Architecture
The CXL Confidential Compute Reference Architecture covers security requirements and behaviors that are needed to support confidential computing use cases and covers the architectural scope, detecting TSP support, CMA/SPDM, attestation and authentication, memory encryption, transport security, access control, configuration, and Dynamic Capacit

1. **Confidential Computing**: protects sensitive data through hardware-based Trusted Execution Environments (TEEs), keeping data in use secure even against an adversarial platform owner.
2. **Key technologies**: Secure Boot, Attestation, Memory Encryption, Secure Communication.
3. **CXL IDE**: supports the use of CXL-attached memory by TEEs, including secure links, device authentication, state management and configuration.
4. **TSP (Trusted Security Protocol)**: defines the mechanisms for bringing CXL memory devices into a TEE, supports cache coherency, and uses the TE bit to indicate a trusted execution context.
5. **OCP Secure Boot**: provides a root of trust via immutable ROM, ensuring the device executes only authenticated firmware and software.
6. **DMTF SPDM Protocol**: used for confidentiality, integrity and replay protection in CXL 2.0, supporting secure memory traffic and a zero-trust model.
7. **Secure data center boot**: provides end-to-end data protection, a hardware root of trust and scalable attestation.
8. **Challenges**: integration complexity, key management and vendor interoperability.
9. **Goal**: make Confidential Compute ubiquitous and address performance bottlenecks.
"How is confidentiality of data in use achieved?" "The technology behind the security revolution" "Building the future of trusted computing"