This project aims to bring Arm Confidential Computing Architecture (CCA) feature to Unikraft. It has been accepted as a Google Summer of Code (GSoC) project. Arm CCA is a new confidential computing technology in Armv9 architecture that enables OS to run as a confidential VM without trusting the underlying hypervisor. This blog gives an overview of the project, the progress made in the first three weeks of GSoC, and future steps.
Arm CCA introduces Realm Management Extension (RME), which extends Arm TrustZone technology with two new security states: the
realm state and the
The following figure shows the system architecture of the CCA.
Instead of running a VM in the normal world, the CCA can run a VM in the realm state.
The realm state constructs protected execution environments called realms, which protect the data in the realms from other components.
This architecture allows the hypervisor to control the VM but removes the right for access to that VM.
The CCA achieves this separation through a combination of architectural hardware extensions (RME) and firmware (Realm Manager in EL2 and Monitor in EL3).
The Realm Management Monitor (RMM) is the realm world firmware that is used to manage the execution of the realm VMs and their interaction with the hypervisor in the normal world. The RMM operates in Exception level 2 in the realm world. The RMM provides services to the realms, using Realm Service Interface (RSI). Therefore, to use a unikernel as an application in a realm, Unikraft needs to support the use of RSI. Besides, Unikraft also needs to support memory management and attestation in Arm CCA. As a reference, Arm has provided an integration stack for Arm's reference CCA software architecture and implementation. The main components in the reference integration are Linux-CCA, Kvmtool-CCA, Trusted-Firmware-A, Hafnium, TF-RMM.
To make Unikraft run on the CCA, we need to achieve the following objectives:
app-helloworldin the normal world.
app-helloworldin a realm.
All the progress made and the relevant knowledge of this project is maintained on this GitHub Project page. My progress in the first three weeks of GSoC can be divided into information gathering and code implementation.
On the information-gathering side, I have gathered the necessary details on the following questions:
On the code-implementation side, the differences between kvmtool and QEMU
virt platforms lead to several changes:
unikraft/plat/kvm/arm/bpt64.Smaps memory regions according to the memory layout of kvmtool.
ns16550serial console, so it replaces the default
pl011in Unikraft. Besides, the
ns16550serial console in kvmtool uses byte-width registers.
_init_dtb_memexcludes the dtb regions from the stack and heap area.
app-helloworld can be run in kvmtool and the relevant knowledge of CCA is gathered, this project moves toward adding support for CCA and running
app-helloworld in a realm.
This includes adding options for CCA and basic support like RSI commands.
The goal of this project, by the midterm of GSoC, is to bring basic features for CCA to Unikraft.
Thanks to all my mentors and the Unikraft community for their guidance and support.
Feel free to ask questions, report issues, and meet new people.