-
Notifications
You must be signed in to change notification settings - Fork 161
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1433 from pareenaverma/content_review
CCA Essentials Attestation LP
- Loading branch information
Showing
11 changed files
with
416 additions
and
69 deletions.
There are no files selected for viewing
40 changes: 40 additions & 0 deletions
40
content/learning-paths/servers-and-cloud-computing/cca-essentials/_index.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| --- | ||
| title: Run an Attestation with Arm Confidential Compute Architecture (CCA) | ||
|
|
||
| minutes_to_complete: 120 | ||
|
|
||
| who_is_this_for: This is an advanced topic for software developers who want to see a practical example of how attestation is used with Arm's Confidential Computing Architecture (CCA). | ||
|
|
||
| learning_objectives: | ||
| - Understand how attestation is used with Arm's Confidential Computing Architecture (CCA). | ||
| - Deploy a simple workload in a CCA realm on an Armv-A AEM Base FVP (Fixed Virtual Platform) with support for RME extensions. | ||
| - Connect the workload with additional software services to create an end-to-end example for using attestation to unlock the confidential processing of data. | ||
|
|
||
| prerequisites: | ||
| - An AArch64 or x86_64 computer running Linux. You can use cloud instances, refer to the list of [Arm cloud service providers](/learning-paths/servers-and-cloud-computing/csp/). | ||
| - Completion of the [Introduction to CCA Attestation with Veraison](/learning-paths/servers-and-cloud-computing/cca-veraison) learning path. | ||
| - Completion of the [Run an application in a Realm using the Arm Confidential Computing Architecture (CCA)](learning-paths/servers-and-cloud-computing/cca-container/) learning path. | ||
|
|
||
| author_primary: Arnaud de Grandmaison, Paul Howard and Pareena Verma | ||
|
|
||
| ### Tags | ||
| skilllevels: Advanced | ||
| subjects: Performance and Architecture | ||
| armips: | ||
| - Neoverse | ||
| operatingsystems: | ||
| - Linux | ||
| tools_software_languages: | ||
| - GCC | ||
| - FVP | ||
| - RME | ||
| - CCA | ||
| - Docker | ||
| - Veraison | ||
|
|
||
| ### FIXED, DO NOT MODIFY | ||
| # ================================================================================ | ||
| weight: 1 # _index.md always has weight of 1 to order correctly | ||
| layout: "learningpathall" # All files under learning paths have this same wrapper | ||
| learning_path_main_page: "yes" # This should be surfaced when looking for related content. Only set for _index.md of learning path content. | ||
| --- |
44 changes: 44 additions & 0 deletions
44
content/learning-paths/servers-and-cloud-computing/cca-essentials/_next-steps.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| # ================================================================================ | ||
| # Edit | ||
| # ================================================================================ | ||
|
|
||
| next_step_guidance: > | ||
| You now have an understanding of how attestation is used with Arm's Confidential Computing Architecture (CCA). You can also build the complete Arm CCA software stack yourself and validate your applications on an Arm FVP ahead of silicon availability. | ||
| # 1-3 sentence recommendation outlining how the reader can generally keep learning about these topics, and a specific explanation of why the next step is being recommended. | ||
|
|
||
| recommended_path: "/learning-paths/servers-and-cloud-computing/rme-cca-basics/" | ||
| # Link to the next learning path being recommended(For example this could be /learning-paths/servers-and-cloud-computing/mongodb). | ||
|
|
||
|
|
||
| # further_reading links to references related to this path. Can be: | ||
| # Manuals for a tool / software mentioned (type: documentation) | ||
| # Blog about related topics (type: blog) | ||
| # General online references (type: website) | ||
|
|
||
| further_reading: | ||
| - resource: | ||
| title: Arm Confidential Compute Architecture | ||
| link: https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture | ||
| type: website | ||
| - resource: | ||
| title: Arm Confidential Compute Architecture open source enablement | ||
| link: https://www.youtube.com/watch?v=JXrNkYysuXw | ||
| type: video | ||
| - resource: | ||
| title: Learn the architecture - Realm Management Extension | ||
| link: https://developer.arm.com/documentation/den0126 | ||
| type: documentation | ||
| - resource: | ||
| title: Realm Management Monitor specification | ||
| link: https://developer.arm.com/documentation/den0137/latest/ | ||
| type: documentation | ||
|
|
||
| # ================================================================================ | ||
| # FIXED, DO NOT MODIFY | ||
| # ================================================================================ | ||
| weight: 21 # set to always be larger than the content in this path, and one more than 'review' | ||
| title: "Next Steps" # Always the same | ||
| layout: "learningpathall" # All files under learning paths have this same wrapper | ||
| --- |
49 changes: 49 additions & 0 deletions
49
content/learning-paths/servers-and-cloud-computing/cca-essentials/_review.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| # ================================================================================ | ||
| # Edit | ||
| # ================================================================================ | ||
|
|
||
| # Always 3 questions. Should try to test the reader's knowledge, and reinforce the key points you want them to remember. | ||
| # question: A one sentence question | ||
| # answers: The correct answers (from 2-4 answer options only). Should be surrounded by quotes. | ||
| # correct_answer: An integer indicating what answer is correct (index starts from 0) | ||
| # explanation: A short (1-3 sentence) explanation of why the correct answer is correct. Can add additional context if desired | ||
|
|
||
|
|
||
| review: | ||
| - questions: | ||
| question: > | ||
| The Arm Confidential Compute Architecture (CCA) is available on all Arm devices. | ||
| answers: | ||
| - "True" | ||
| - "False" | ||
| correct_answer: 2 | ||
| explanation: > | ||
| CCA requires the Realm Management Extension (RME) to the Armv9-A architecture, as well as support within the software stack running on the device. | ||
| - questions: | ||
| question: > | ||
| kvmtool supports the creation of Realm guests. | ||
| answers: | ||
| - "True" | ||
| - "False" | ||
| correct_answer: 1 | ||
| explanation: > | ||
| kvmtool supports the creation of realm guests that conform with the Arm RME specification. | ||
| - questions: | ||
| question: > | ||
| An application running in the Realm inherits its confidential protection. | ||
| answers: | ||
| - "True" | ||
| - "False" | ||
| correct_answer: 1 | ||
| explanation: > | ||
| The guest VM is the realm and an application running in it inherits the confidential protection of the guest VM. | ||
| # ================================================================================ | ||
| # FIXED, DO NOT MODIFY | ||
| # ================================================================================ | ||
| title: "Review" # Always the same title | ||
| weight: 20 # Set to always be larger than the content in this path | ||
| layout: "learningpathall" # All files under learning paths have this same wrapper | ||
| --- |
35 changes: 35 additions & 0 deletions
35
...ent/learning-paths/servers-and-cloud-computing/cca-essentials/cca-essentials.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| --- | ||
| # User change | ||
| title: "Overview of the Software Architecture" | ||
|
|
||
| weight: 2 # 1 is first, 2 is second, etc. | ||
|
|
||
| # Do not modify these elements | ||
| layout: "learningpathall" | ||
| --- | ||
|
|
||
| ## Overview | ||
| In this learning path you will learn how attestation can control the release of confidential data into a confidential Linux realm for processing. | ||
|
|
||
| The role of attestation is to assess whether the target compute environment (the Linux realm, in this case) offers a provable level of confidential isolation. This assessment needs to occur before the realm can be trusted to receive confidential data or algorithms. This use of attestation to judge the trustworthiness of a compute environment, before allowing it to do any processing, is a common pattern in confidential computing. Here, you will learn about this pattern using a minimal set of software components. | ||
|
|
||
| ## Understanding the key software components | ||
| In this learning path, you will make use of a key broker service, or KBS. The role of the KBS is to be a repository for encryption keys or other confidential data resources. A KBS will release such secrets for processing in a confidential computing environment, but only when that environment has proved itself trustworthy through attestation. | ||
|
|
||
| The workload that runs inside the realm is a client of the KBS. It calls the KBS to request a secret. The KBS will not return the secret immediately. Instead, it will issue an attestation challenge back to the client. The client must respond with evidence in the form of a [CCA attestation token](/learning-paths/servers-and-cloud-computing/cca-container/cca-container/#obtain-a-cca-attestation-token-from-the-virtual-guest-in-a-realm). | ||
|
|
||
| When the KBS receives an attestation token from the realm, it needs to call a verification service that will check the token's cryptographic signature and verify that it denotes a confidential computing platform. As you saw in the [Introduction to CCA Attestation with Veraison learning path](/learning-paths/servers-and-cloud-computing/cca-veraison), Linaro provides such an attestation verifier for use with pre-silicon CCA platforms. This verifier is built from the open-source [Veraison project](https://github.com/veraison). The KBS calls this verifier to obtain an attestation result. The KBS can then use this result to decide whether to release the secrets into the realm for processing. | ||
|
|
||
| For additional security, the KBS does not release any secrets in clear text, even after a successful verification of the attestation token. Instead, the realm provides an additional public encryption key to the KBS. This is known as a wrapping key. The KBS will use this public key to encrypt(wrap) the secrets. The client workload inside the realm is then able to use its own private key to unwrap the secrets and use them. | ||
|
|
||
| In this learning path example, you will see the secret that is exchanged between the KBS and the realm is a small string value, which the realm will decrypt and echo to its console window once all the attestation steps have succeeded. | ||
|
|
||
| For convenience, both the KBS and the client software are packaged in docker containers, which you can execute on any suitable development machine (aarch64 or x86_64). Since the client software runs in a realm, it makes use of the Fixed Virtual Platform (FVP) and the reference software stack for Arm CCA. If you have not yet familiarised yourself with running applications in realms using FVP and the reference software stack, please refer to the [Run an application in a Realm using the Arm Confidential Computing Architecture (CCA)](/learning-paths/servers-and-cloud-computing/cca-container) learning path. | ||
|
|
||
| The attestation verification service is hosted by Linaro, so it will not be necessary for you to build or deploy this service yourself. | ||
|
|
||
| Shown in this figure below is the software architecture you will construct to run the attestation example in this learning path. | ||
|
|
||
|  | ||
|
|
||
| You can now proceed to the next section to run the end-to-end attestation example with the software components and architecture as described. |
Binary file added
BIN
+84.1 KB
...nt/learning-paths/servers-and-cloud-computing/cca-essentials/cca-essentials.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
174 changes: 174 additions & 0 deletions
174
content/learning-paths/servers-and-cloud-computing/cca-essentials/example.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,174 @@ | ||
| --- | ||
| # User change | ||
| title: "Run an end-to-end Attestation with Arm CCA" | ||
|
|
||
| weight: 3 # 1 is first, 2 is second, etc. | ||
|
|
||
| # Do not modify these elements | ||
| layout: "learningpathall" | ||
| --- | ||
|
|
||
| ## Run the Key Broker Server | ||
|
|
||
| The concept of a KBS is a common one in confidential computing, and there are multiple open-source implementations, including the [Trustee](https://github.com/confidential-containers/trustee) from the [CNCF Confidential Containers](https://confidentialcontainers.org/) project. The KBS in this learning path is part of the [Veraison](https://github.com/veraison) project. It has been created specifically for educational purposes and not designed for production use. Its aim is to be small and simple to understand. | ||
|
|
||
| First, pull the docker container image with the pre-built KBS and then run the container: | ||
|
|
||
| ```bash | ||
| docker pull armswdev/cca-learning-path:cca-key-broker-v1 | ||
| docker run --rm -it armswdev/cca-learning-path:cca-key-broker-v1 | ||
| ``` | ||
|
|
||
| Now within your running docker container, get a list of network interfaces: | ||
|
|
||
| ```bash | ||
| ip -c a | ||
| ``` | ||
|
|
||
| The output should look like: | ||
|
|
||
| ```output | ||
| 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 | ||
| link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | ||
| inet 127.0.0.1/8 scope host lo | ||
| valid_lft forever preferred_lft forever | ||
| inet6 ::1/128 scope host | ||
| valid_lft forever preferred_lft forever | ||
| 20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default | ||
| link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 | ||
| inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 | ||
| valid_lft forever preferred_lft forever | ||
| ``` | ||
| Start the key broker server on the `eth0` network interface: | ||
|
|
||
| ```bash | ||
| ./keybroker-server -v --addr 172.17.0.2 | ||
| ``` | ||
|
|
||
| The output should look like: | ||
|
|
||
| ```output | ||
| INFO starting 16 workers | ||
| INFO Actix runtime found; starting in Actix runtime | ||
| INFO starting service: "actix-web-service-172.17.0.2:8088", workers: 16, listening on: 172.17.0.2:8088 | ||
| ``` | ||
|
|
||
| With the key broker server running in one terminal, open up a new terminal in which you will run the key broker client. | ||
|
|
||
| ## Run the Key Broker Client | ||
|
|
||
| In a new terminal, pull the docker container image which contains the FVP and pre-built software binaries to run the key broker client in a realm. | ||
|
|
||
| ```bash | ||
| docker pull armswdev/cca-learning-path:cca-simulation-v1 | ||
| ``` | ||
|
|
||
| Now run this docker container: | ||
| ```bash | ||
| docker run --rm -it armswdev/cca-learning-path:cca-simulation-v1 | ||
| ``` | ||
|
|
||
| Within you running container, launch the `run-cca-fvp.sh` script to run the Arm CCA pre-built binaries on the FVP: | ||
|
|
||
| ```bash | ||
| ./run-cca-fvp.sh | ||
| ``` | ||
| The run-cca-fvp.sh script uses the screen command to connect to the different UARTs in the FVP. | ||
|
|
||
| You should see the host Linux kernel boot on your terminal. You will be prompted to log in to the host. Enter root as the username: | ||
|
|
||
| ```output | ||
| [ 4.169458] Run /sbin/init as init process | ||
| [ 4.273748] EXT4-fs (vda): re-mounted 64d1bcff-5d03-412c-83c6-48ec4253590e r/w. Quota mode: none. | ||
| Starting syslogd: OK | ||
| Starting klogd: OK | ||
| Running sysctl: OK | ||
| Starting network: [ 5.254843] smc91x 1a000000.ethernet eth0: link up, 10Mbps, half-duplex, lpa 0x0000 | ||
| udhcpc: started, v1.36.1 | ||
| udhcpc: broadcasting discover | ||
| udhcpc: broadcasting select for 172.20.51.1, server 172.20.51.254 | ||
| udhcpc: lease of 172.20.51.1 obtained from 172.20.51.254, lease time 86400 | ||
| deleting routers | ||
| adding dns 172.20.51.254 | ||
| OK | ||
| Welcome to the CCA host | ||
| host login: root | ||
| (host) # | ||
| ``` | ||
| Use kvmtool to launch guest Linux in a Realm: | ||
| ```bash | ||
| cd /cca | ||
| ./lkvm run --realm --disable-sve --irqchip=gicv3-its --firmware KVMTOOL_EFI.fd -c 1 -m 512 --no-pvtime --force-pci --disk guest-disk.img --measurement-algo=sha256 --restricted_mem | ||
| ``` | ||
| You should see the realm boot. After boot up, you will be prompted to log in at the guest Linux prompt. Use root again as the username: | ||
|
|
||
| ```output | ||
| Starting syslogd: OK | ||
| Starting klogd: OK | ||
| Running sysctl: OK | ||
| Starting network: udhcpc: started, v1.36.1 | ||
| udhcpc: broadcasting discover | ||
| udhcpc: broadcasting select for 192.168.33.15, server 192.168.33.1 | ||
| udhcpc: lease of 192.168.33.15 obtained from 192.168.33.1, lease time 14400 | ||
| deleting routers | ||
| adding dns 172.20.51.254 | ||
| OK | ||
| Welcome to the CCA realm | ||
| realm login: root | ||
| (realm) # | ||
| ``` | ||
|
|
||
| Now run the key broker client application in the realm. Use the endpoint address that the key broker server is listening on in the other terminal: | ||
| ```bash | ||
| cd /cca | ||
| ./keybroker-app -v --endpoint http://172.17.0.2:8088 skywalker | ||
| ``` | ||
| In the command above `skywalker` is the key name that is requested from the key broker server. After some time, you should see the following output: | ||
| ``` | ||
| INFO Requesting key named 'skywalker' from the keybroker server with URL http://172.17.0.2:8088/keys/v1/key/skywalker | ||
| INFO Challenge (64 bytes) = [0f, ea, c4, e2, 24, 4e, fa, dc, 1d, ea, ea, 3d, 60, eb, a6, 8f, f1, ed, 1a, 07, 35, cb, 5b, 1b, cf, 5b, 21, a4, bc, 14, 65, c2, 21, 3f, bf, 33, a0, b0, 7c, 78, 3a, a6, 32, c6, 34, be, ff, 45, 98, f4, 17, b1, 24, 71, 4f, 9c, 75, 58, 37, 3a, 28, ea, 97, 33] | ||
| INFO Submitting evidence to URL http://172.17.0.2:8088/keys/v1/evidence/3974368321 | ||
| INFO Attestation failure :-( ! AttestationFailure: No attestation result was obtained. No known-good reference values. | ||
| ``` | ||
| You can see from the key broker client application output that the `skywalker` key is requested from the key broker server, which did send a challenge. The key broker client application uses the challenge to submit its evidence back to the key broker server, but it gets an attestation failure. This is because the server does not have any known good reference values. | ||
|
|
||
| Now look at the key broker server output on the terminal where the server is running. It will look like: | ||
|
|
||
| ```output | ||
| INFO Known-good RIM values are missing. If you trust the client that submitted | ||
| evidence for challenge 1302147796, you should restart the keybroker-server with the following | ||
| command-line option to populate it with known-good RIM values: | ||
| --reference-values <(echo '{ "reference-values": [ "tiA66VOokO071FfsCHr7es02vUbtVH5FpLLqTzT7jps=" ] }') | ||
| INFO Evidence submitted for challenge 1302147796: no attestation result was obtained. No known-good reference values. | ||
| ``` | ||
| From the server output you will notice that it did create the challenge for the key broker application, but it complains that it has no known good reference values. It does however provide a way to provision the key broker server with known good values if the client is trusted. | ||
| In a production environment, the known good reference value would be generated using a deployment specific process, but for demonstration purposes and simplification, you will use the value proposed by the key broker server. | ||
|
|
||
| Now go ahead and terminate the running instance of the key broker server(ctrl+C) and restart it with the known good reference value. Notice here that you need to copy the `--reference-values` argument directly from the previous error message reported by the key broker. When running this next command, ensure that you are using exactly that value, for example:: | ||
|
|
||
| ```bash | ||
| ./keybroker-server -v --addr 172.17.0.2 --reference-values <(echo '{ "reference-values": [ "tiA66VOokO071FfsCHr7es02vUbtVH5FpLLqTzT7jps=" ] }') | ||
| ``` | ||
|
|
||
| On the terminal with the running realm, re-run the key broker client application with the exact same command line parameters as before: | ||
|
|
||
| ```bash | ||
| ./keybroker-app -v --endpoint http://172.17.0.2:8088 skywalker | ||
| ``` | ||
|
|
||
| You should now get a successful attestion as shown: | ||
|
|
||
| ```output | ||
| INFO Requesting key named 'skywalker' from the keybroker server with URL http://172.17.0.2:8088/keys/v1/key/skywalker | ||
| INFO Challenge (64 bytes) = [05, 9e, ef, af, 59, e5, 2d, 0f, db, d8, 24, 40, 1e, 0d, 09, c9, d4, 3c, 9e, 99, c5, 64, cf, e6, b9, 20, 29, be, d7, ec, ea, 9a, a3, 91, dc, 16, e6, b7, 0f, 39, 0f, 06, b6, cc, b6, 9f, 0e, 3a, da, 26, 57, 5c, ed, 7f, 11, 1f, 2b, 3c, 9e, aa, 8c, d6, bc, b8] | ||
| INFO Submitting evidence to URL http://172.17.0.2:8088/keys/v1/evidence/2828132982 | ||
| INFO Attestation success :-) ! The key returned from the keybroker is 'May the force be with you.' | ||
| ``` | ||
|
|
||
| You have successfully run an end-to-end attestation flow with Arm CCA. | ||
|
|
||
|
|
||
|
|
||
|
|
Oops, something went wrong.