thomasten
commented
6 months ago Hi,
Thanks for reaching out and describing your idea. We agree with the goal to handle as much as possible of the TEE-specific tasks with external libraries.
CC Trusted API is an interesting project, but we have some concerns around it:
- It seems to be in an early stage and probably doesn't cover all aspects required by Constellation
- It doesn't seem to have much adoption yet. (If the project would be backed by multiple hardware vendors, this might be less of a problem.)
- There doesn't seem to be a Go API yet
- We would strongly prefer a pure Go implementation
An alternative approach that we currently follow is using TEE-specific, but CSP-agnostic libraries, like
https://github.com/google/go-tdx-guest https://github.com/google/go-sev-guest https://github.com/google/go-tpm https://github.com/google/go-tpm-tools
While these are maintained by Google, they also work for AWS and Azure.
Ruoyu-y
hpvd
Use case
Constellation, working as the typical confidential cluster that could run on either cloud environment or local machine across platforms, need to fetch measurements/evidence against different type of TEEs/TPM to prove its trustworthiness. Once a new confidential computing environment get supported in CSP's environment or a new technology revealed to the market, Constellation must make addition to the current code space to enable the evidence fetching or replaying function for the platform.
In the meanwhile, different platform or confidential computing technologies varies in use, which requires the Constellation developers to have knowledge and understandings on different architectures. Maintaining these code seems another burden for the project, as efforts are required once there's change in API or Specifications of the underlying technologies.
Describe your solution
Instead of maintaining the code within Constellation, it seems more efficient to leverage an utility which provides the capability for application to do evidence fetching or replaying using a set of simple APIs across all kinds of platforms.
CC Trusted API is a nice approach to streamline the effort that Constellation requires on this side. As a project that aims to collect confidential primitives (i.e., measurement, event log, quote) for zero-trust design, it provides the capability to fulfill this need using some vendor agnostic and TCG compliant APIs in multiple deployment environments (e.g. firmware/VM/cloud native clusters).
By leveraging these APIs, Constellation can perform with evidence fetching on different platforms through a unified API and requires little effort on maintenance of code related to platform features.
Would you be willing to implement this feature?