Ruomeng Hao edited this page Mar 27, 2024 · 1 revision

Welcome to the confidential-cloud-native-primitives wiki!

This project provides cloud native measurement covering the full measurement chain, TEE TCB -> Firmware TCB -> Guest OS TCB -> Cloud Native TCB, as follows:

NOTE: Unlike traditional trusted computing in a non-confidential environment, the measurement chain does not start only with the guest's SRTM (Static Root of Measurement); it must also include the TEE TCB, because the CC VM environment is created by the TEE via DRTM (Dynamic Root of Measurement), such as Intel® TXT on the host.

From the perspective of a tenant's workload, CCNP exposes the CC Trusted API as a unified interface across diverse trusted foundations such as RTMR+MRTD+CCEL and PCR+TPM2. Learn more about the CCNP design in the CCNP documentation.

Finally, the full trust chain is measured into a CC report as follows, using Intel TDX as an example:

NOTE:

  • The measurements of the TEE, the guest's boot and the OS are per CC VM, but cluster/container measurement may be per cluster, namespace or container in a cloud native architecture.
  • Please refer to the TDREPORT structure.
  • The CCNP project collects container level primitives by implementing the unified APIs defined in CC Trusted API. The project will be moved to CC Trusted API in the near future.
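To make the measurement chain concrete, here is an added example (not CCNP's or CC Trusted API's code) that replays an ordered event log into SHA-384 measurement registers and checks the result against reported register values, the way a verifier checks that a CCEL-style log explains the RTMRs in a CC report. It assumes a 48-byte register extended as SHA384(old || measurement), which is how TDX RTMRs are extended; the event log and the assignment of chain layers to register indices are constructed for illustration.

```python
import hashlib

# SHA-384 based measurement register: 48 bytes, initially all zero.
REG_BYTES = 48
ZERO_REG = bytes(REG_BYTES)


def extend(register: bytes, measurement: bytes) -> bytes:
    """Extend a register: new = SHA384(old || measurement)."""
    if len(register) != REG_BYTES or len(measurement) != REG_BYTES:
        raise ValueError("register and measurement must both be 48 bytes")
    return hashlib.sha384(register + measurement).digest()


def replay(events):
    """Replay an ordered (register_index, event_data) log into register values.

    Each event's data is hashed with SHA-384 and extended into its register in
    log order, so reordering or altering any event changes the final value.
    """
    regs = {}
    for idx, data in events:
        digest = hashlib.sha384(data).digest()
        regs[idx] = extend(regs.get(idx, ZERO_REG), digest)
    return regs


def verify(events, reported):
    """Return {index: bool} telling which reported registers the log reproduces."""
    replayed = replay(events)
    return {i: replayed.get(i, ZERO_REG) == v for i, v in reported.items()}


# Constructed event log walking the chain described above. The mapping of
# layers to register indices is an assumption for this example, not CCNP's.
EVENTS = [
    (0, b"firmware: virtual BIOS image"),          # Firmware TCB
    (1, b"os: kernel image"),                      # Guest OS TCB
    (1, b"os: initrd image"),
    (2, b"cloud-native: container image digest"),  # Cloud Native TCB
]

if __name__ == "__main__":
    # A report whose registers were produced from the same log verifies cleanly.
    report = replay(EVENTS)
    print(verify(EVENTS, report))
    # Replacing one kernel event breaks only the register it was extended into.
    tampered = [(i, d.replace(b"kernel", b"rootkit")) for i, d in EVENTS]
    print(verify(tampered, report))
```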