TA Containerization

To facilitate application deployment, many users choose to deploy their applications in containers. With the TA containerization feature, you can:

  • Deploy TAs in containers when building container images.
  • Access the host TEE from a container after the container is instantiated, so that TAs can be deployed in the TEE.

Figure 1 shows the overall architecture for TA containerization.

Figure 1 Containerized deployment

The components in the architecture perform the following functions:

  • Container instance: The container image has the same format as a common container image; it additionally includes the patches, tools, and TAs required for the TEE.
  • K8s Plugin: It is developed based on the K8s Device Plugin specifications and is used to report the TEE secure memory to the K8s master.
  • Containerized TA: It can be a native application developed using the C language or a Rust application.
  • Basic TA: It is used for certificate import and remote attestation.