
Kunpeng BoostKit for Confidential Computing TrustZone Kit

Kunpeng BoostKit for Confidential Computing is a trusted execution environment (TEE) solution based on TrustZone, a security extension of the standard ARM architecture. TrustZone adds a TEE alongside the original execution environment, which is called the rich execution environment (REE). The two environments are isolated from each other at the chip-architecture level, so that applications running in the TEE are secure and trusted. TrustZone thereby addresses the security of data in use.

The trusted OS, the core component of the Kunpeng BoostKit for Confidential Computing TrustZone Kit, offers the following features:

  • Reliable: The Huawei-developed microkernel secure OS has been in commercial use on mobile phones for nearly a decade, with over 100 million users.
  • Authoritative certification: Common Criteria (CC) EAL4+.
  • Flexible specifications: The secure memory in the TEE can be configured on demand. Up to 128 GB of secure memory is supported.

Compared with other privacy-preserving computing technologies, computation inside the TEE does not depend on complex algorithmic protocols and therefore greatly improves the efficiency of processing confidential data. This solution is especially suitable for scenarios in which large volumes of confidential data are processed, for example:

  1. Financial big data mining and processing with ensured confidentiality
  2. All-in-one big data centers: reliable data flows and transactions
  3. Iterative calculation of models and parameters in federated computation

With its high privilege level and isolation design, the Kunpeng BoostKit for Confidential Computing TrustZone Kit can also serve in roles such as those of a Trusted Platform Module (TPM) or a Hardware Security Module (HSM).

The kit builds on TrustZone technology, adapted to the Kunpeng processor, and extends it with the functions required in data center server scenarios: enabling and disabling the feature, configuring memory resources, and remote attestation.