Cloud
Examine critical components of Cloud computing with Intel® software experts
134 Discussions

Attested Boot with User's Customized Encrypted TD OS image

Yunge_Zhu_Intel
Employee
0 0 1,389

Authored by: Yunge Zhu (Intel, Cloud Software Engineer), Guorui Yu (Alibaba Cloud, Security Expert),  Qianyue (Alibaba Cloud, Senior Technical Specialist), Jiale Zhang (Alibaba Cloud, Engineer)

 

Intel® TDX technology is user friendly and can be seamlessly deployed and migrated on a large scale within the Alibaba Cloud environment, fostering a more adaptable and user-friendly confidential cloud computing ecosystem. 

Intel TDX ArchIntel TDX Arch

 

Usually, the cloud service providers offer alternative policy for the users who want to deploy their own customized guest OS image. In this case, users may have security concerns with below two scenarios.

 

Scenarios1:

End-users deploy sensitive workloads/data in untrusted private cloud infrastructure.

  • As the restriction of network in private cloud environment, end-users need pre-install the workloads/data in the guest OS image.
  • End-users are concerned that the cloud infrastructure cloud affect the workloads/data via controlling the guest OS image.

Scenarios2:

End-users deploy encrypted customized guest OS image in untrusted public cloud infrastructure.

  • End-users want to deploy self-customized guest OS image, which is not expected to be impacted/readable by CSP.
  • The customized OS image is pre-installed sensitive workloads/data and customers would be concerned about the security during the boot process.

Based on above scenarios, Alibaba and Intel built a security enhanced solution to provide an E2E encrypted TDVM solution to protect the guest OS image with below functionalities:

  • Encrypted guest OS image (rootfs partition) with user self-defined encryption key by leveraging standard/opensource tools (LUKS) to protect confidential or personally identifiable information against any possible data breach during the OS booting process and OS image stored in cloud environment.
  • Verify the identity of the guest VM and the platform by the remote attestation capability.
  • Protect the secret disk key in transition with TLS enhanced by the attestation ability.

 

enc-image.png

 

Solution Ingredients

  • Alibaba Cloud 8th Gen Enterprise ECS Instance with Intel TDX, Providing Better Security Protection for Enterprise Cloud Services.
  • Encrypted TDVM guest OS image. This solution will create a new encrypted image based on this TDVM guest OS image. The reference TDVM guest OS images (Ubuntu22.04 and RHEL8.6) are provided here for users.
  • Components/Services for TDX remote attestation - KBS & ASKBS is a secret resource distribution service based on remote attestation, used to securely and efficiently inject keys for decrypting image into verified TDVM. AS is a trusted service used to verify remote attestation evidence, it provides a customizable policy engine to support user-defined fine-grained attestation verification. KBS is deployed together with AS in a trusted environment under user control, and KBS accesses AS through gRPC to obtain verification results of the evidence provided by TDVM.
  • Encryption Tools - LUKS (Linux Unified Key Setup). LUKS is the standard for Linux disk encryption. By providing a standardized on-disk format, it not only facilitates compatibility among distributions, but also enables secure management of multiple user passwords. LUKS stores all necessary setup information in the partition header, which enables users to transport or migrate data seamlessly. 

 

Workflow

the high-level workflow of this solution can be descripted as the following steps:

  • Step1: Create an encrypted TDVM image from a base image. Specifically, a new TDVM image that includes an EFI partition, a boot partition, and the most crucial one - a root partition is created. During the creating new encrypted image, components (initramfs hooks, RA scripts, and other software dependencies) will be included in the new image to enable the subsequent guest VM startup.
  • Step2: Steup remote attestation service. During the encrypted image boot, it will send remote attestation to fetch the key to decrypt the encrypted Rootfs partition. The KBS will wait for the request from the client. The client sends a fresh TDX Quote to KBS through a simple and efficient 4-pass message delivery. KBS first forwards the Quote to AS for verification, and after verification passed, obtains a token representing the attestation results. Then KBS transmits the encrypted key data to the client through the TLS channel.
  • Step3: Launch the encrypted TDVM OS image in Alibaba online environment. The hooks inside the initramfs request the attestation report and sent it to the attestation server when the kernel is booted. If the verification is passed, a trusted communication channel can be built and the key to decrypt the root partition is retrieved by the TDVM. The initramfs hook(s) then decrypts the TDVM’s root filesystem with the key.

 

Conclusion

Ensuring the security and privacy of customer data is a top priority for cloud service providers like Alibaba Cloud. Alibaba Cloud is committed to delivering enhanced data security through a combination of advanced technologies, including the data protection matrix from 4th gen Intel® Xeon® Scalable processors, Intel® TDX technology, and various Alibaba Cloud security services. These tailored confidential computing solutions enable customers to safeguard their cloud data assets more effectively. Looking ahead, Alibaba Cloud plans to expand its collaboration with Intel to create a more secure, open, and dependable cloud computing infrastructure, catering to a broader range of industries and fields. 

 

[1] For more Alibaba Cloud TDX information, please visit Build a TDX confidential computing environment in Alibaba Cloud

[2] For more confidential computing solutions based on Intel TEE (SGX/TDX) , please visit Confidential Computing Zoo (CCZoo) cczoo.jpg

 

Tags (3)
About the Author
Yunge is a PSE Team engineer (DCAI China). He focuses on Confidential Computing collaborations with China CSPs and support Intel customers to enable Intel SGX and TDX technologies. He is also the maintainer of Intel opensource project CCZoo: https://github.com/intel/confidential-computing-zoo.