
Measurement Startup

The measurement process in the TEE Kit for Kunpeng confidential computing runs as follows:

  1. The Kunpeng Hardware Security Module (HSM) serves as the root of trust (RoT). When a Kunpeng device starts up, the TEE-related firmware is measured, and the result is stored in the SRAM of the HSM as a platform measurement report.
  2. When a VM starts up, its kernel and start-up parameters are measured to produce a VM measurement report.
  3. The two reports are packaged into a complete measurement token, which is what a remote party verifies; this is the basis of the remote attestation capability.
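The three steps above, carried through end to end as an added example. This is illustrative code written for this page, not the TEE Kit's own implementation: the hash algorithm (SHA-256), the token layout, and the use of an HMAC under a constructed key as a stand-in for whatever the HSM actually uses to bind the token are all assumptions, and the firmware, kernel and command-line bytes are constructed sample inputs rather than real images.

```python
import hashlib
import hmac
import json

# Constructed sample inputs standing in for real TEE firmware and cVM images.
SAMPLE_FIRMWARE = {
    "tee_loader": b"hypothetical TEE loader image bytes",
    "tee_os": b"hypothetical TEE OS image bytes",
}
SAMPLE_KERNEL = b"hypothetical cVM kernel image bytes"
SAMPLE_CMDLINE = b"console=ttyAMA0 root=/dev/vda1 ro"
# Stand-in for a key held inside the HSM (constructed; not a real key).
HSM_KEY = b"constructed-hsm-key-do-not-use"


def measure(data: bytes) -> str:
    """Hash one component. SHA-256 is assumed; the page does not name the algorithm."""
    return hashlib.sha256(data).hexdigest()


def build_platform_report(firmware: dict) -> dict:
    """Step 1: measure every TEE-related firmware image at device start-up.
    In the real design the result lives in HSM SRAM; here it is just a dict."""
    return {
        "type": "platform",
        "measurements": {name: measure(img) for name, img in sorted(firmware.items())},
    }


def build_vm_report(kernel: bytes, cmdline: bytes) -> dict:
    """Step 2: measure the kernel and the start-up parameters as the cVM boots."""
    return {"type": "vm", "kernel": measure(kernel), "cmdline": measure(cmdline)}


def _canonical(payload: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def package_token(platform_report: dict, vm_report: dict, key: bytes) -> dict:
    """Step 3: package both reports into one token and bind them with the RoT key.
    An HMAC is used here as a stand-in for an HSM signature (assumption)."""
    payload = {"platform": platform_report, "vm": vm_report}
    tag = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_token(token: dict, key: bytes, expected_platform: dict, expected_vm: dict) -> bool:
    """Verifier side of remote attestation: check the binding first, then compare
    both reports against known-good reference values."""
    expected_tag = hmac.new(key, _canonical(token["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(token["tag"], expected_tag):
        return False  # token altered after packaging, or produced under another key
    return (
        token["payload"]["platform"] == expected_platform
        and token["payload"]["vm"] == expected_vm
    )


def attest(firmware: dict, kernel: bytes, cmdline: bytes, key: bytes) -> dict:
    """Run steps 1 to 3 on the attester side and return the measurement token."""
    return package_token(build_platform_report(firmware), build_vm_report(kernel, cmdline), key)


if __name__ == "__main__":
    token = attest(SAMPLE_FIRMWARE, SAMPLE_KERNEL, SAMPLE_CMDLINE, HSM_KEY)
    ref_platform = build_platform_report(SAMPLE_FIRMWARE)
    ref_vm = build_vm_report(SAMPLE_KERNEL, SAMPLE_CMDLINE)
    print("good token verifies:", verify_token(token, HSM_KEY, ref_platform, ref_vm))
    bad = attest(SAMPLE_FIRMWARE, SAMPLE_KERNEL + b"\x00", SAMPLE_CMDLINE, HSM_KEY)
    print("modified kernel verifies:", verify_token(bad, HSM_KEY, ref_platform, ref_vm))
```

The verifier checks the binding before it looks at any measurement, so a token whose payload was edited after packaging is rejected without ever comparing hashes; only an intact token is then compared against the reference values for the expected firmware and kernel.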

Advantages and Benefits

  1. Measuring the TEE-related firmware strengthens the secure start-up of the firmware itself, and measuring cVM start-up protects the cVMs.
  2. A built-in hardware RoT supports hardware three-proofing, so the measurement results are trustworthy and reliable.
  3. The report format is kept compatible with next-generation Arm CCA attestation reports, so current measurement reports remain consistent with them.

Figure 1 Measurement process

Figure 2 Measurement report format