Confidential computing is used to protect sensitive customer and health data, or other secret information, on third-party cloud servers. Intel Trust Authority is a service that attests the trustworthy state of a cloud instance independently of the respective cloud operator. To do this, Intel uses established cryptographic methods that build on the Software Guard Extensions (SGX) and Trust Domain Extensions (TDX) functions anchored in Xeon hardware. For Intel Trust Authority, Intel operates servers worldwide that can be used for remote attestation of encrypted TDX instances.
Large cloud service providers such as Amazon (AWS Nitro/KMS), Google Cloud and Microsoft Azure each offer their own attestation functions for their Trusted Execution Environments (TEEs). But anyone who moves sensitive data to the public cloud may want a remote attestation for their encrypted virtual machine (VM) that is independent of the cloud service provider.
Intel's Trust Domain Extensions (TDX) for encrypted cloud instances are quite complex to work with.
With Intel Trust Authority you no longer have to trust the cloud operator, and you can even switch operators. But you have to trust Intel instead, and can currently only use servers with fourth-generation Xeon-SP processors (Sapphire Rapids).
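The attestation flow the article describes, reduced to its essentials as an added example (this is illustrative code, not Intel Trust Authority's protocol or any Intel code): the platform signs what it actually measured plus a verifier-supplied nonce, and a verifier that trusts only an attestation root key and its own policy of expected measurements decides whether the instance is trustworthy. Nothing the cloud operator controls enters that decision, which is the independence the article is talking about. The quote format, the single measurement register, the ed25519 attestation key and the VM image bytes are all constructed stand-ins; real TDX quotes carry several measurement registers and a certificate chain back to Intel.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Quote is a constructed stand-in for a hardware attestation quote: the
// measurement the TEE reports, the verifier's freshness nonce, and a signature
// from an attestation key rooted in the platform (here a plain ed25519 key).
type Quote struct {
	Nonce       []byte
	Measurement [32]byte
	Signature   []byte
}

// quoteBody is what gets signed: a domain separator, the nonce and the
// measurement, hashed together so the signature binds all of them.
func quoteBody(nonce []byte, m [32]byte) []byte {
	h := sha256.New()
	h.Write([]byte("demo-quote-v1"))
	h.Write(nonce)
	h.Write(m[:])
	return h.Sum(nil)
}

// MeasureImage models the hardware measuring the VM image (assumed stand-in).
func MeasureImage(image []byte) [32]byte { return sha256.Sum256(image) }

// SignQuote models the platform side: the attestation key signs whatever was
// actually measured, so a modified VM yields a different, non-matching quote.
func SignQuote(attestKey ed25519.PrivateKey, nonce []byte, m [32]byte) Quote {
	return Quote{Nonce: nonce, Measurement: m,
		Signature: ed25519.Sign(attestKey, quoteBody(nonce, m))}
}

// Verifier is the operator-independent party. It trusts only the attestation
// root key(s) and its policy of allowed measurements.
type Verifier struct {
	TrustedKeys []ed25519.PublicKey
	Policy      map[[32]byte]string // allowed measurement -> workload label
	pending     map[string]bool     // nonces issued and not yet consumed
}

func NewVerifier(keys []ed25519.PublicKey, policy map[[32]byte]string) *Verifier {
	return &Verifier{TrustedKeys: keys, Policy: policy, pending: map[string]bool{}}
}

// NewNonce issues a fresh challenge; the quote must echo it, so a quote from
// an earlier, good state of the VM cannot be replayed later.
func (v *Verifier) NewNonce() ([]byte, error) {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	v.pending[hex.EncodeToString(n)] = true
	return n, nil
}

// Verify checks, in order: nonce freshness, signature against a trusted root,
// measurement against policy. It returns the workload label on success.
func (v *Verifier) Verify(q Quote) (string, error) {
	key := hex.EncodeToString(q.Nonce)
	if !v.pending[key] {
		return "", errors.New("unknown or replayed nonce")
	}
	delete(v.pending, key) // single use, even if the later checks fail
	body := quoteBody(q.Nonce, q.Measurement)
	trusted := false
	for _, pk := range v.TrustedKeys {
		if ed25519.Verify(pk, body, q.Signature) {
			trusted = true
			break
		}
	}
	if !trusted {
		return "", errors.New("signature not rooted in a trusted attestation key")
	}
	label, ok := v.Policy[q.Measurement]
	if !ok {
		return "", fmt.Errorf("measurement %x... not in policy", q.Measurement[:4])
	}
	return label, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := MeasureImage([]byte("constructed confidential VM image v1"))
	v := NewVerifier([]ed25519.PublicKey{pub}, map[[32]byte]string{good: "payroll-vm"})

	n, _ := v.NewNonce()
	fmt.Println(v.Verify(SignQuote(priv, n, good))) // payroll-vm <nil>
	fmt.Println(v.Verify(SignQuote(priv, n, good))) // replayed nonce: rejected

	n, _ = v.NewNonce()
	modified := MeasureImage([]byte("constructed confidential VM image v1, modified"))
	fmt.Println(v.Verify(SignQuote(priv, n, modified))) // not in policy: rejected
}
```

The order of checks matters: the nonce is consumed before anything else, so a rejected quote cannot be retried with the same challenge, and the signature is verified before the measurement is looked up, so unsigned data never reaches the policy decision. Switching cloud operators changes nothing in this verifier; only the trusted root keys and the policy would.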
However, Intel emphasizes that it will integrate other hardware as well. Intel is cooperating with Nvidia to also certify cloud instances that use the H100 (Hopper) AI accelerator.
Intel Trust Authority was developed under Project Amber and announced in fall 2022. So far, only pilot customers have been able to use the service.
Intel provides extensive documentation for TDX and SGX; the technology is quite complex. AMD also builds confidential computing functions into its Epyc processors, and for ARM servers there is the Confidential Compute Architecture (ARMv9 CCA).