edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0
965 stars 54 forks source link

Leverage external utility(CC Trusted API) to ease the process of confidential environment evidence fetching/verifying #2879

Open Ruoyu-y opened 10 months ago

Ruoyu-y commented 10 months ago

Use case

Constellation, working as the typical confidential cluster that could run on either cloud environment or local machine across platforms, need to fetch measurements/evidence against different type of TEEs/TPM to prove its trustworthiness. Once a new confidential computing environment get supported in CSP's environment or a new technology revealed to the market, Constellation must make addition to the current code space to enable the evidence fetching or replaying function for the platform.
In the meanwhile, different platform or confidential computing technologies varies in use, which requires the Constellation developers to have knowledge and understandings on different architectures. Maintaining these code seems another burden for the project, as efforts are required once there's change in API or Specifications of the underlying technologies.

Describe your solution

Instead of maintaining the code within Constellation, it seems more efficient to leverage an utility which provides the capability for application to do evidence fetching or replaying using a set of simple APIs across all kinds of platforms.
CC Trusted API is a nice approach to streamline the effort that Constellation requires on this side. As a project that aims to collect confidential primitives (i.e., measurement, event log, quote) for zero-trust design, it provides the capability to fulfill this need using some vendor agnostic and TCG compliant APIs in multiple deployment environments (e.g. firmware/VM/cloud native clusters).
By leveraging these APIs, Constellation can perform with evidence fetching on different platforms through a unified API and requires little effort on maintenance of code related to platform features.

Would you be willing to implement this feature?

thomasten commented 10 months ago

Hi,

Thanks for reaching out and describing your idea. We agree with the goal to handle as much as possible of the TEE-specific tasks with external libraries.

CC Trusted API is an interesting project, but we have some concerns around it:

An alternative approach that we currently follow is using TEE-specific, but CSP-agnostic libraries, like

https://github.com/google/go-tdx-guest https://github.com/google/go-sev-guest https://github.com/google/go-tpm https://github.com/google/go-tpm-tools

While these are maintained by Google, they also work for AWS and Azure.

Ruoyu-y commented 9 months ago

Hi,

Thanks for reaching out and describing your idea. We agree with the goal to handle as much as possible of the TEE-specific tasks with external libraries.

CC Trusted API is an interesting project, but we have some concerns around it:

  • It seems to be in an early stage and probably doesn't cover all aspects required by Constellation
  • It doesn't seem to have much adoption yet. (If the project would be backed by multiple hardware vendors, this might be less of a problem.)
  • There doesn't seem to be a Go API yet
  • We would strongly prefer a pure Go implementation

An alternative approach that we currently follow is using TEE-specific, but CSP-agnostic libraries, like

https://github.com/google/go-tdx-guest https://github.com/google/go-sev-guest https://github.com/google/go-tpm https://github.com/google/go-tpm-tools

While these are maintained by Google, they also work for AWS and Azure.

Thanks for the feedback. We are already discussing with several potential users. In the meanwhile, we are working hard to provide Golang support and adding more partners to the community for contribution. Once we have more progress, i will get it updated here and ask for a second round evaluation.

Ruoyu-y commented 7 months ago

Updates for CC-API projects:

  1. CC-API already has full support on Go/Python/Rust with all APIs defined here. The API implementation for VM usage is located here, and the implementation for container usage is located here.
  2. Configfs-tsm support has been added recently and will be part of the next release of CC-API implementations. Hence, supporting both Intel TDX and other vendors.
  3. As we would like to make CC-API a standardized API for all the stuff on CC attestation/validation related operations, we already started promoting the project to CCC and got nice feedbacks from the community. For customer adoption side, we are WIP with several parties including CSP, enterprises.
hpvd commented 5 months ago

this looks like an interesting presentation on this topic: from Open Confidential Computing Conference https://assets-global.website-files.com/63c54a346e01f30e726f97cf/660e6b338a5ac8a245191011_Extending%20Integrity%20Measurement%20-%20Wenhui%20Zhang.pdf