Xilinx Joins the Confidential Computing Consortium
28-12-2020 | By Robin Mitchell
Recently, Xilinx announced it’s joining of the Confidential Computing Consortium, or CCC. Who is the Confidential Computing Consortium, why is there a focus on data security, and what are Xilinx’s plans with the CCC?
What are the three areas of data security?
Go back two decades, and the most important design criteria for most products was functionality; what is its processing power, how much memory does it have, and can it run the latest software. Security, however, was dealt with in the most minor of ways with basic encryption for sending private data over networks, and encryption of files that needed to be kept confidential. The result of historically weak security was many bugs, flaws, and hacks into most electronic systems.
Fast forward to 2020, and the world is being driven by many billions of IoT devices, billions of handheld portable devices, smartphones, computing systems, and cloud services. As a result, security is now the most important factor in any design and now takes precedence over functionality. If the result of using a security feature means that some specific functions cannot be included, the functionality is dropped in favour of a more secure design.
In design, data finds itself in one of three states; stationary, moving and using. Stationary data is data stored on a storage medium (such as an HDD), and security for such data was solved decades ago with the use of encrypted data. However, data in transit (i.e. over a network or from an HDD to RAM), and data in use (i.e. data being worked on), is still in its infancy, and it is these areas that attackers generally aim for.
Who is the Confidential Computing Consortium?
The Confidential Computing Consortium, or CCC, is a group that aims to bring together hardware, software, and cloud services to encourage the use of Trusted Execution Environments (TEEs) in an effort to secure data. Started by the Linux Foundation, the group looks towards accelerating the use of confidential computing to provide better data protection to consumers, and collaboration with members to better provide confidential systems.
Credit: Xilinx
Simply put, the CCC wants companies to deploy TEE technologies into all aspects of digital life. A Trusted Execution Environment is a secured area of a processor which guarantees that any code and data loaded into the area is protected from external influences. When a TEE is used in an execution environment, it generally provides increased functionality that standard applications would not be able to have access to (i.e. through an OS or a Secure Element). A TEE will often be isolated from the main system via hardware, meaning that applications running on the main processor cannot access the TEE in any regard.
Xilinx Announces Membership to the CCC
Recently, Xilinx announced its membership to the CCC as a general member, with other members of the CCC including Google, ARM, Facebook, Microsoft, Red Hat, and Huawei. According to Xilinx, one major issue with TEEs is their incompatibility of operation between different developers. For example, code written for a TEE provided by AMD may not operate on a TEE designed for an Intel TEE.
Therefore, Xilinx wants to explore the possibility of either creating TEE accelerator cards (to help create a unified TEE), or to help engineer a hardware solution that can securely transfer data between a TEE host and an external accelerator card without compromising the data’s integrity.
The recent acquisition of Xilinx by AMD has the two looking towards each other for hardware solutions. AMD’s TEE solution, Secure Encrypted Virtualisation, is being explored by Xilinx to understand how it may map to a DCGs future accelerator product plans. Xilinx, also being a customer of ARM (which is used in control planes for many of its products), are also looking towards ARMs TEE solution, TrustZone.
According to Xilinx, ARM has made several proposals to the CCC regarding their TrustZone that may make it easier for Xilinx to develop an accelerator card around TrustZone. From there, Xilinx could work towards creating bridges that can securely transfer data between accelerators and TEEs.
Read More