Security Features of the Kunpeng BoostKit for Confidential Computing TEE Kit
cVMs are created in an isolated, verifiable TEE built on the underlying system software and hardware, which protects their internal code and data against external access and tampering. Even attackers with the highest system privilege cannot access the code and data in the TEE.
cVMs provided by the TEE Kit use the remote verification mechanism, together with the public key infrastructure provided by the remote verification service, to verify signatures. In this way, the initial state of the software inside a cVM is trusted and a complete trust chain is established.
Combined with traditional data encryption technologies, cVMs offer a secure environment for data storage, transfer, and computing throughout the data lifecycle. They use hardware mechanisms to ensure that data is available but invisible.