Remote attestation
Remote attestation is a crucial aspect of confidential computing. To understand why, consider a confidential-computing environment (CCE) running on a remote computer - for example in the public cloud. How would you know that the CCE was indeed a real CCE and that it was running the intended software? The computer could be compromised and just pretend that it was running a CCE and steal your data as soon as you’ve sent it over. This fundamental problem is addressed by remote attestation.
Technical details
Remote attestation allows software running inside a CCE to request cryptographic certificates for itself from the CPU at runtime. With this certificate, the CCE can prove to anyone that it is a “good” CCE with a certain configuration and that it is running a certain piece of software. These cryptographic certificates look and work much like website certificates (i.e., X.509 certificates used for TLS, which are ubiquitous on the WWW). Each confidential computing-enabled CPU (or GPU) has a unique cryptographic key associated with it, called a private key. Only the CPU can access this key. When a CCE requests a certificate for itself, the CPU uses its private key to issue the certificate. The certificate includes a cryptographic hash of the CCE’s code and configuration. This hash is also called measurement. A CCE certificate may include additional information. Typically, analogously to web certificates, this information includes the CCE’s public key. Based on this, secure TLS connections with a CCE can be bootstrapped.
By inspecting a CCE’s certificate, a party can learn that it is talking to a specific piece of software running encrypted and in isolation on a trustworthy CPU. But how can the party trust the CPU’s key? CPU keys also come with their own certificates. These are issued by the CPU manufacturers. The CPU manufacturers act as certificate authorities (CAs) similar to how Let’s Encrypt or VeriSign act as CAs for the web. The root CAs, i.e., the CPU manufacturers, act as trust anchors. Without them, no remote attestation is possible.