Remote Attestation of TAs
The Kunpeng confidential computing solution provides a secure environment for protecting customer data in use. Once data is in a cloud TEE, that is, outside the trusted zone deployed by the data provider, the data provider needs a technical means of remotely confirming that the environment processing the data can be trusted. This means is called remote attestation.
In principle, remote attestation uses the TEE's trusted base to endorse the integrity of the TA. The trusted base of the Kunpeng confidential computing TEE is the TEE OS and authentication identity key (AIK). The AIK is protected by the Kunpeng processor hardware and can be accessed only by the TEE OS.
Remote attestation requires the attestator (TEE's trusted base) to provide at least two types of evidence to the challenger (data provider):
- Identity (proving that the TA is running in a confidential area on the TEE platform)
- Integrity (proving that the TA has not been tampered with during use)
The orange parts in Figure 1 are the feature deliverables, which are open sourced. Dynamic measurement and AK generation are performed by the Kunpeng server and iTrustee.
- To help the data provider verify and view reports, the Kunpeng confidential computing solution provides a verification library.
- To use the verification library, the data provider needs to configure the AIK public key certificate and TA measurement baseline file for the library. The TA measurement baseline can be automatically generated by the build tool in the SDK.
- On compute nodes, the ISV's CA can directly integrate the QCAlib, or the QCAlib can be encapsulated into a service and deployed to provide the attestation service for the data provider's clients.
- While a service is running, attestation of the TA is initiated by the data provider and can be performed at any time.
- The ISV's CA transfers the challenge to the quoting trusted application (QTA) in the TEE through the QCAlib. The input parameters include the identifier of the measured TA.
- The QTA calls the measurement interface provided by the TEE OS to initiate dynamic measurement on the ISV's TA. Measurement is directly initiated by iTrustee. The ISV's TA does not need to participate in or perceive the measurement.
- After obtaining the measurement value, the QTA generates a remote attestation report, signs the report using the AK, and returns the report to the data provider through the QCAlib. The AK is dynamically generated by the TEE OS and is signed by the AIK. Optionally, the AK can also be delivered by the Attestation Service server in group signature issuing mode. This feature has been supported since TEE OS 1.3.0.
- After obtaining the report, the data provider can use the verifier to verify the report and obtain the report information. The data provider can determine which fields are key information, whether strict matching is required, and whether to trust the TA based on its attestation policy.
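The sketch below shows the data provider's appraisal step: it binds the report to a fresh challenge and the expected TA, then compares measurements with the baseline under a per-field strictness policy. It is an added example, not code from the Kunpeng SDK or verification library. The field names (`nonce`, `ta_id`, `image_hash`, `mem_hash`), the baseline layout and the `signature_ok` input (the verifier's result for the AIK, AK and report signature chain) are assumptions.

```python
import hmac
import secrets

# Constructed baseline: TA identifier -> expected measurements (hex).
# Field names are hypothetical; the real layout is defined by the
# verification library and the SDK-generated baseline file.
BASELINE = {
    "ta-uuid-example": {"image_hash": "aa" * 32, "mem_hash": "bb" * 32},
}

# Attestation policy: True marks a key field that must match strictly.
POLICY = {"image_hash": True, "mem_hash": False}


def new_challenge():
    """Fresh random nonce sent with each attestation request."""
    return secrets.token_hex(32)


def appraise(report, nonce, ta_id, signature_ok,
             baseline=BASELINE, policy=POLICY):
    """Return (trusted, findings) for a parsed report.

    signature_ok is the verifier's verdict on the AIK -> AK -> report
    signature chain; this function covers the policy decision only.
    """
    if not signature_ok:
        return False, ["signature chain not verified"]
    # Freshness: the report must answer this exact challenge.
    if not hmac.compare_digest(str(report.get("nonce", "")), nonce):
        return False, ["nonce mismatch (stale or replayed report)"]
    # Identity: the report must describe the TA that was challenged.
    if report.get("ta_id") != ta_id or ta_id not in baseline:
        return False, ["unexpected or unknown TA identifier"]
    # Integrity: compare every policy field with the baseline.
    trusted, findings = True, []
    for field, strict in policy.items():
        expected = baseline[ta_id][field]
        actual = str(report.get(field, ""))
        if hmac.compare_digest(actual, expected):
            continue
        note = "" if strict else " (non-strict)"
        findings.append(f"{field} differs from baseline{note}")
        if strict:
            trusted = False
    return trusted, findings
```

A mismatch in a non-strict field is still returned in `findings`, so it can be logged or alerted on even when the TA remains trusted.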
