edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0

Is there any plan for supporting intel TDX? #1666

Closed michaelrun closed 7 months ago

michaelrun commented 1 year ago

Use case

Describe your solution

Additional context

daniel-weisse commented 1 year ago

Hi there,

Support for Intel TDX is currently in development. You can check out the progress here: https://github.com/edgelesssys/constellation/tree/feat/tdx-libvirt

The current implementation state is for local QEMU/KVM deployments only and requires TDX hardware. Support for TDX on Cloud Provider solutions e.g. Azure or GCP will come when and if the CSP support this.

malt3 commented 1 year ago

You can also look at this demo of our Intel TDX preview: https://youtu.be/mSfvhkLLMD8

michaelrun commented 1 year ago

Thanks for the reply @malt3 @daniel-weisse. BTW, when will local QEMU/KVM be ready for release?

daniel-weisse commented 1 year ago

QEMU/KVM on its own is already available. It's lacking some public documentation currently as it is mostly used for testing purposes.

The requirements are the same as for MiniConstellation. You can create a cluster using the following commands:

```shell
constellation config generate qemu
vim constellation-conf.yaml # Check and adjust the created config
constellation create -c1 -w1 # Adjust c and w to the number of control-plane/worker nodes you want
constellation init
```

As for our QEMU/KVM deployment supporting TDX: I will try and get it merged for the next release or the one after that. So ideally next week, and start of June at the latest.

michaelrun commented 1 year ago

@daniel-weisse Got it. Thanks, I will have a try later.

michaelrun commented 1 year ago

Can I do a POC using this TDX branch now?

michaelrun commented 1 year ago

> You can also look at this demo of our Intel TDX preview: https://youtu.be/mSfvhkLLMD8

Is this link still available? I can't access now.

malt3 commented 1 year ago

> Can I do a POC using this TDX branch now?

We will update this issue as soon as we have documentation available to test this on your own. If you prefer to set up a meeting and do a guided POC, please reach out to Thomas Loepp Thiessen (tlt@edgeless.systems) or use the contact form for more information.

> Is this link still available? I can't access now.

The video is still available. Maybe the shortened YouTube link is not working for you. This is the full video URL: https://www.youtube.com/watch?v=mSfvhkLLMD8

RodgerZhu commented 1 year ago

Hi @daniel-weisse will you consider to support Alibaba TDX and Azure TDX? They are now providing TDX private preview.

malt3 commented 1 year ago

Hi @RodgerZhu. Thanks for reaching out. Support for TDX on public clouds is work in progress. We will share more details soon.

RodgerZhu commented 1 year ago

Thanks @malt3! If needed, we can provide an online TDX instance for integration and cooperation. Could you please email me (yunge.zhu@intel.com) for more discussion?

hpvd commented 10 months ago

On Aug 2, 2023: AWS announces the general availability of Amazon EC2 M7i-flex and EC2 M7i instances powered by custom 4th Gen Intel Xeon Scalable processors (code-named Sapphire Rapids). https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-ec2-m7i-flex-m7i-instances/?nc1=h_ls

hpvd commented 10 months ago

On July 31, 2023: GCP: Generally Available: C3 VMs with 4th Gen Intel Xeon and industry-leading price-performance https://cloud.google.com/blog/products/compute/c3-machine-series-on-intel-sapphire-rapids-now-ga?hl=en

hpvd commented 10 months ago

On 15 November, 2023 Azure: Announcing the public preview of confidential VMs with Intel TDX https://azure.microsoft.com/en-gb/updates/confidential-vms-with-intel-tdx-dcesv5-ecesv5-public-preview/

hpvd commented 10 months ago

Hi there,

> Support for Intel TDX is currently in development. You can check out the progress here: https://github.com/edgelesssys/constellation/tree/feat/tdx-libvirt
>
> The current implementation state is for local QEMU/KVM deployments only and requires TDX hardware. Support for TDX on Cloud Provider solutions e.g. Azure or GCP will come when and if the CSP support this.

Since some Sapphire Rapids offers are appearing: I would be curious about the current state of this topic (the link mentioned above is dead). What would also be interesting: which differences do you see when comparing AMD's vs. Intel's solution?

fnerdman commented 9 months ago

@malt3 @daniel-weisse Any comments on if and when Constellation will be available for public cloud offerings?

daniel-weisse commented 9 months ago

Azure just announced a public preview for TDX which we are currently evaluating. We can't give any dates yet, but if TDX on Azure supports our required features, we will try to get Constellation running with TDX as soon as possible (soon hopefully meaning 1 or 2 months, not half a year).

hpvd commented 9 months ago

@daniel-weisse sounds interesting! Thanks for all your stunning work! Just out of curiosity: is there any reason you prefer waiting for Azure? Are the already available GCP/AWS instances named above missing some needed features?

daniel-weisse commented 9 months ago

@hpvd Even though both AWS and GCP have Sapphire Rapids offerings, neither has a public TDX offering. We are not currently working on a bare metal deployment option for Constellation, so just having the CPUs available is not enough. There is a private preview for TDX on GCP, however I am not yet aware of a timeline for a public release.

hpvd commented 9 months ago

@daniel-weisse many thanks for these details!

malt3 commented 9 months ago

> Azure just announced a public preview for TDX which we are currently evaluating.

Some early evaluation results: We identified a missing feature. Azure's TDX offering currently does not allow guests to access a TDREPORT. This is a hard requirement for remote attestation. We expect this issue to be resolved in the near future and will re-evaluate this again soon.

malt3 commented 7 months ago

Support for Azure's TDX offering was added with v2.15.0.

fnerdman commented 4 months ago

@malt3 @daniel-weisse Running a TDX VM on Azure, I'm not able to access the /dev/tdx_guest device and thus I'm unable to get the TDREPORT for the VM. How have you solved this?

daniel-weisse commented 4 months ago

Hi @fnerdman Azure does not expose the TDX device to the guest VM directly. Instead, Azure makes use of TD partitioning to run a vTPM inside a trust domain which has access to the TDX device (/dev/tdx_guest), and provides access to that vTPM to the trust domain running your VM. The vTPM holds a TDX quote over the vTPM's attestation public key in its NVRAM. Azure also uses a very similar approach for CVMs with AMD SEV-SNP.

You can find some implementation details on how to retrieve this quote in these two Azure repos: https://github.com/Azure/confidential-computing-cvm-guest-attestation https://github.com/Azure/cvm-attestation-tools

Or you can take a look at our Azure attestation code: https://github.com/edgelesssys/constellation/tree/main/internal/attestation/azure

Hope this helps

fnerdman commented 4 months ago

Thanks! Is there any documentation on this vTPM hypervisor? I've been able to extract the TDREPORT from the vTPM and get a quote, but the MRTD never changes, so I was expecting this to be the quote for a separate vTPM TD (similar to this). Is there any way to verify the MRTD, like being able to deterministically build the vTPM hypervisor so that one can get to the same MRTD value? Or are we just plainly trusting Microsoft here?

daniel-weisse commented 4 months ago

As far as I know, Azure has not yet published any public documentation regarding this, so you will have to trust Azure here.
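The two questions above (how the quote over the vTPM attestation key is laid out, and how a verifier would pin the MRTD) come down to parsing a TDX quote and comparing a few fields against policy. The following is an added example, not code from the Constellation project or from Azure's attestation repos. It follows the public Intel TDX DCAP v4 quote layout (48-byte header, 584-byte TD report body, 4-byte signature length, signature blob). The sample quote is constructed inside the block and carries no real signature, so it only demonstrates the structural checks; a real verifier must first validate the ECDSA signature chain (QE report, PCK certificate, TCB info) before trusting any field. The assumption that REPORTDATA holds SHA-512 of the vTPM AK public key is a placeholder encoding for this example; the actual binding Azure uses is whatever its linked repos document.

```python
"""Parse an Intel TDX v4 quote and check the fields a verifier pins to policy.

Added example (not Constellation's or Azure's code). Layout per the public
Intel TDX DCAP v4 quote format. The sample quote built below is constructed
and unsigned: signature-chain verification is deliberately out of scope.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

QUOTE_VERSION = 4
TEE_TYPE_TDX = 0x81  # tee_type value identifying a TDX quote in the header
# Header: version, attestation key type, tee_type, 2x reserved, QE vendor id, user data
HEADER_FMT = "<HHIHH16s20s"
# TD report body: tcb_svn, mr_seam, mr_signer_seam, seam_attr, td_attr, xfam, mr_td,
# mr_config_id, mr_owner, mr_owner_config, rtmr0..rtmr3, report_data
BODY_FMT = "<16s48s48s8s8s8s48s48s48s48s48s48s48s48s64s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 48
BODY_LEN = struct.calcsize(BODY_FMT)      # 584


@dataclass(frozen=True)
class TdxQuote:
    version: int
    tee_type: int
    mr_td: bytes
    td_attributes: bytes
    xfam: bytes
    rtmrs: tuple
    report_data: bytes
    signature: bytes


def parse_tdx_quote(raw: bytes) -> TdxQuote:
    """Split a raw quote into its fields, rejecting anything that is not a v4 TDX quote."""
    if len(raw) < HEADER_LEN + BODY_LEN + 4:
        raise ValueError("quote too short")
    version, _ak_type, tee_type, _r1, _r2, _vendor, _user = struct.unpack_from(HEADER_FMT, raw, 0)
    if version != QUOTE_VERSION:
        raise ValueError(f"unsupported quote version {version}")
    if tee_type != TEE_TYPE_TDX:
        raise ValueError(f"not a TDX quote (tee_type=0x{tee_type:x})")
    (_tcb_svn, _mr_seam, _mr_signer_seam, _seam_attr, td_attr, xfam, mr_td,
     _mr_config_id, _mr_owner, _mr_owner_config, r0, r1, r2, r3,
     report_data) = struct.unpack_from(BODY_FMT, raw, HEADER_LEN)
    sig_off = HEADER_LEN + BODY_LEN
    (sig_len,) = struct.unpack_from("<I", raw, sig_off)
    signature = raw[sig_off + 4:]
    if len(signature) != sig_len:
        raise ValueError("signature length field does not match quote size")
    return TdxQuote(version, tee_type, mr_td, td_attr, xfam, (r0, r1, r2, r3), report_data, signature)


def mrtd_matches(quote: TdxQuote, expected_mrtd_hex: str) -> bool:
    """Pin MRTD to the measurement the verifier's policy expects (constant-time compare)."""
    return hmac.compare_digest(quote.mr_td, bytes.fromhex(expected_mrtd_hex))


def expected_report_data(ak_public: bytes) -> bytes:
    """Assumed binding for this example: REPORTDATA = SHA-512(vTPM AK public key bytes)."""
    return hashlib.sha512(ak_public).digest()


def report_data_binds(quote: TdxQuote, ak_public: bytes) -> bool:
    """Check that the quote actually vouches for the AK the vTPM later signs with."""
    return hmac.compare_digest(quote.report_data, expected_report_data(ak_public))


def build_constructed_quote(mr_td: bytes, report_data: bytes, signature: bytes = b"\x00" * 64) -> bytes:
    """Build a structurally valid but UNSIGNED quote (constructed test data only)."""
    if len(mr_td) != 48 or len(report_data) != 64:
        raise ValueError("mr_td must be 48 bytes and report_data 64 bytes")
    z = b"\x00"
    header = struct.pack(HEADER_FMT, QUOTE_VERSION, 2, TEE_TYPE_TDX, 0, 0, z * 16, z * 20)
    body = struct.pack(BODY_FMT, z * 16, z * 48, z * 48, z * 8, z * 8, z * 8, mr_td,
                       z * 48, z * 48, z * 48, z * 48, z * 48, z * 48, z * 48, report_data)
    return header + body + struct.pack("<I", len(signature)) + signature


if __name__ == "__main__":
    ak = b"constructed-vtpm-ak-public-key"  # constructed stand-in for the AK public bytes
    quote = parse_tdx_quote(build_constructed_quote(b"\x11" * 48, expected_report_data(ak)))
    print("MRTD:", quote.mr_td.hex())
    print("MRTD matches policy:", mrtd_matches(quote, "11" * 48))
    print("REPORTDATA binds AK:", report_data_binds(quote, ak))
```

The point of `mrtd_matches` is that a verifier can only pin MRTD to a value it obtained from a trusted source; as the thread notes, without published build material for the vTPM TD that value is taken on trust from the provider, and pinning it still guards against the quote silently coming from a different TD. `report_data_binds` is what ties the quote to the vTPM key that later signs the PCR quote over your own VM.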