Technical Principles of the Kunpeng BoostKit for Confidential Computing TEE Kit

The TEE Kit enables cVMs by leveraging the Kunpeng TrustZone mechanism. Figure 1 illustrates the technical principles.

Figure 1 Confidential Computing TEE Kit

A TEE virtualization management module is built upon the TrustZone firmware. This module implements mechanisms for memory isolation, context management, lifecycle management, and page table management across cVMs, migrating applications to a confidential environment without adaptation.