VMware has announced that it is partnering with AMD, Samsung, and members of the RISC-V keystone community for the development and operations of confidential computing applications.
RISC-V is a hardware standards organisation that is designing low-power processors; the Keystone Enclave is an open source project for building customisable trusted execution environments (TEEs).
The aim of the new partnership among VMware, AMD, Samsung and RISC-V participants is to collaborate to contribute to the open-source Certifier Framework project for confidential computing. The Certifier Framework is an open-source project started by VMware in 2022 to tackle the key barriers in the development of confidential computing applications.
“The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to independent software vendor (ISVs), enterprise customers, and sovereign cloud providers, enabling them to use the technology more easily and effectively,” said Kit Colbert, CTO at VMware.
Confidential computing protects data in use
Confidential computing is a new discipline that aims to protect data while in use, or in memory, as opposed to conventionally encrypting it when it is "at rest" (not being processed, while in storage or in transit) in a network of multicloud environments.
Confidential computing is designed to ensure the security of data during processing by utilising a hardware-based TEE that is verified. These trusted and isolated environments are meant to effectively safeguard applications and data against unauthorised access or tampering, providing organisations that handle sensitive or regulated data with enhanced security guarantees.
The major challenge to confidential computing is lack of know-how. While processor manufacturers like Intel offer a good head start in terms of required hardware, software and cloud providers are lagging when it comes to the development and operation of confidential computing applications.
Certifier framework offers promise
A robust confidential computing platform must, according to VMware, provide four essential capabilities — isolation, measurement, secrets storage, and attestation.
The practice provides isolation to protect programs from unauthorised access or modification; measurement for unique program identification; storage for secure storage and retrieval of secret company information; and attestation for establishing trust relationships among programs.
It would serve to have a template handy that satisfies these criteria and helps software and cloud providers build and manage an effective confidential computing application. The Certifier Framework promises just that.
The framework consists of two pieces — an application development library comprising APIs and a scalable certification service. While the APIs provide a set of programming interfaces to help port an existing application or create a new one, the certifier service evaluates policy and manages trust relationships among systems.
The certifier’s capabilities were highlighted at Confidential Computing Summit 2023, where VMware showcased “universal” client-cloud trust management across heterogenous TEEs including AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), Intel's SGX data protection technology and Arm Confidential Computing Architecture ( CCA), and RISC-V.