
CN-121996358-A - Virtual microcontroller for device authentication in a confidential computing environment


Abstract

Embodiments relate to a virtual microcontroller for device authentication in a confidential computing environment. Embodiments include a processor to implement a service Trust Domain (TD) as a Virtual Microcontroller (VMC) trust domain (VMC-TD) for a device, wherein the VMC-TD supports protocols for device authentication, device measurement, and device management, and to receive a VMC certificate chain endorsed by a boot service component, the boot service component comprising at least one trusted module of a confidential computing environment, the VMC certificate chain comprising a root certificate of the boot service component, a boot service module signature certificate, and a full VMC certificate, the full VMC certificate comprising an initial VMC certificate and a TD report, the TD report comprising measurements of the device.

Inventors

  • YAO JIAWEN
  • V. Shanberg
  • R. Sahita

Assignees

  • Intel Corporation

Dates

Publication Date
20260508
Application Date
20220531

Claims (9)

  1. An apparatus for device authentication in a confidential computing environment, the apparatus comprising: a graphics processing unit (GPU) coupled to the memory, the GPU to: establish a trust relationship between a central processing unit (CPU) of a host and the GPU; establish a service trust domain (TD) with the host CPU, wherein the service TD is used to support the Security Protocol and Data Model (SPDM) protocol for at least one of GPU authentication, GPU measurement, or GPU management; and associate the GPU with a certificate chain endorsed by a trusted module, wherein the certificate chain is associated with a certificate comprising a TD report with the GPU measurements, and wherein the trust relationship between the host CPU and the GPU is used to facilitate secure encrypted communications such that data between the host CPU and the GPU is transferred based on direct memory access (DMA).
  2. The apparatus of claim 1, wherein the host CPU comprises a secure enclave.
  3. The apparatus of claim 1, wherein the confidential computing environment comprises Secure Encrypted Virtualization (SEV).
  4. A method for device authentication in a confidential computing environment, the method comprising: establishing a trust relationship between a central processing unit (CPU) of a host and a graphics processing unit (GPU); establishing a service trust domain (TD) with the host CPU, wherein the service TD is used to support the Security Protocol and Data Model (SPDM) protocol for at least one of GPU authentication, GPU measurement, or GPU management; and associating the GPU with a certificate chain endorsed by a trusted module, wherein the certificate chain is associated with a certificate comprising a TD report with the GPU measurements, and wherein the trust relationship between the host CPU and the GPU is used to facilitate secure encrypted communications such that data between the host CPU and the GPU is transferred based on direct memory access (DMA).
  5. The method of claim 4, wherein the host CPU comprises a secure enclave.
  6. The method of claim 4, wherein the confidential computing environment comprises Secure Encrypted Virtualization (SEV).
  7. At least one computer-readable medium having instructions stored thereon that, when executed, cause a computing device to perform operations comprising: establishing a trust relationship between a central processing unit (CPU) of a host and a graphics processing unit (GPU); establishing a service trust domain (TD) with the host CPU, wherein the service TD is used to support the Security Protocol and Data Model (SPDM) protocol for at least one of GPU authentication, GPU measurement, or GPU management; and associating the GPU with a certificate chain endorsed by a trusted module, wherein the certificate chain is associated with a certificate comprising a TD report with the GPU measurements, and wherein the trust relationship between the host CPU and the GPU is used to facilitate secure encrypted communications such that data between the host CPU and the GPU is transferred based on direct memory access (DMA).
  8. The computer-readable medium of claim 7, wherein the host CPU comprises a secure enclave.
  9. The computer-readable medium of claim 7, wherein the confidential computing environment comprises Secure Encrypted Virtualization (SEV).

Description

Virtual microcontroller for device authentication in a confidential computing environment

This application is a divisional application of PCT International Application No. PCT/CN2022/096222, international filing date May 31, 2022, Chinese national phase application No. 202280095579.7, entitled "Virtual microcontroller for device authentication in a confidential computing environment".

Technical Field

The present disclosure relates generally to confidential computing, and more particularly to virtual microcontrollers for device authentication in confidential computing environments.

Background

Traditionally, devices have gained functionality over time, such as data transformation acceleration or functionality migrated from the central processing unit (CPU) to the device. This process also increases the complexity of the device, which must maintain both performance and security. Examples of this evolution can be seen in network controllers, memory controllers, field programmable gate arrays (FPGAs), and graphics devices. Today's devices also need to be shared efficiently to enable multi-tenant use in clouds, virtualization, containers, and so on. These multi-tenant requirements are likewise implemented via specialized engines on the device that provide separation of privileges, data paths, and security arbitration. Examples of this evolution are observed in virtualized input/output (IO), from direct device assignment (DDA) to single-root IO virtualization (SR-IOV) and scalable IO virtualization (SIOV).

TDX (Trust Domain Extensions) is an extension of the CPU instruction set architecture (ISA) that removes the virtual machine monitor (VMM) from the trusted computing base (TCB) of a cloud computing virtual machine (VM) workload, referred to as a trust domain (TD). Generally, a TCB comprises the collection of hardware, firmware, and software components implemented on a platform to provide a secure environment, including the portions of the platform's memory address space used by the TCB. The TDX IO model extends the TDX architecture to allow devices managed by a VMM outside the TCB to be securely assigned to a TD. TDX IO enables devices to be securely assigned to TDs such that data on the links is protected against confidentiality, integrity, and replay attacks. TDX IO also implements IO memory management unit (IOMMU) attributes so that the device can use direct memory access (DMA) directly to the TD's private memory, provided the TD accepts the device's interface after measurement.

Drawings

The embodiments described herein are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements.

FIG. 1 illustrates a computing device for providing a virtual microcontroller for device authentication in a confidential computing environment, according to an implementation herein.

FIG. 2 illustrates a computing environment for providing a virtual microcontroller for device authentication in a confidential computing environment, according to an implementation herein.

FIG. 3 illustrates a block diagram of a confidential computing environment for virtual microcontroller trust domain (VMC-TD) credential generation, according to an implementation herein.

FIG. 4 illustrates generation of a complete VMC certificate chain by a system-on-a-chip (SoC) secure boot service module, according to an implementation herein.

FIG. 5 illustrates a block diagram of a confidential computing environment for device authentication, according to an implementation herein.

FIG. 6 illustrates a block diagram of a confidential computing environment for virtual device measurement and management, according to an implementation herein.

FIG. 7 is a block diagram illustrating a confidential computing environment that enables seamless updates to the entire VMC-TD, according to an implementation herein.

FIG. 8 is a block diagram illustrating a confidential computing environment that enables seamless updating of portions (changeable portions) of a VMC-TD, according to an implementation herein.

FIG. 9 is a flowchart illustrating the operation of providing a virtual microcontroller for a device in a confidential computing environment, according to an implementation of the present disclosure.

FIG. 10 is a flowchart illustrating the operation of a virtual microcontroller providing device authentication for use in a confidential computing environment, according to an implementation of the present disclosure.

FIG. 11 is a flowchart illustrating the operation of a virtual microcontroller providing device management for use in a confidential co