PROJECT NOT UNDER ACTIVE MANAGEMENT
This project will no longer be maintained by Intel.
Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.
Intel no longer accepts patches to this project.
If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.
Contact: [email protected]
Note
The project has been moved to CC-API organization. Go to https://github.com/cc-api/confidential-cloud-native-primitives for more information.
Confidential Computing technologies like Intel® TDX provides an isolated encryption runtime environment to protect data-in-use based on hardware Trusted Execution Environment (TEE). It requires a full chain integrity measurement on the launch-time or runtime environment to guarantee "consistent behavior in an expected way" of confidential computing environment for tenant's zero-trust use case.
This project is designed to provide cloud native measurement for the full measurement chain from TEE TCB -> Firmware TCB -> Guest OS TCB -> Cloud Native TCB as follows:
NOTE: Different from traditional trusted computing on non-confidential environment,
the measurement chain is not only started with Guest's SRTM
(Static Root Of Measurement)
but it also needs to include the TEE TCB because the CC VM environment is created by TEE
via DRTM
(Dynamic Root of Measurement) like Intel® TXT on the host.
From the perspective of a tenant's workload, CCNP
will expose the CC Trusted API
as the unified interfaces across diverse trusted foundations like RTMR+MRTD+CCEL
and PCR+TPM2
. Learn more details of CCNP design at CCNP documentation.
Finally, the full trusted chain will be measured into a CC report as follows using Intel TDX as an example:
NOTE:
- The measurement of TEE, Guest's boot, OS is per CC VM, but cluster/container measurement might be per cluster/namespace/container for cloud native architecture.
- Please refer to structure
TDREPORT
. - The CCNP project collects container level primitives by implementing unified APIs defined in CC Trusted API. The project will be moved to CC Trusted API in the near future.
CCNP collects primitives of confidential cloud native environments running in confidential VMs (CVM), such as Intel TDX guest. The primitives are not only from the TEE + CVM boot process + CVM OS but also from the environments running workloads, e.g. Kubernetes cluster or Docker containers. Thus, you need to check below configuration for both hosts and guests.
You can setup an Intel TDX enlightened host and then boot a TD guest on it. The feasible configurations are as below.
CPU | Host OS | Host packages | Guest OS | Guest packages | Attestation packages |
---|---|---|---|---|---|
Intel® Emerald Rapids | Ubuntu 22.04 | Build packages referring to here | Ubuntu 22.04 | Build packages referring to here | You can either use containerized PCCS, QGS or install packages from here |
Intel® Emerald Rapids | Ubuntu 23.10 | Setup TDX host referring to here | Ubuntu 22.04 | Build packages referring to here | Setup containerized PCCS and QGS on the host |
NOTE: The Platform certificate caching service (PCCS) is used to retrieve and cache PCK certificates locally to your cluster from Intel's Platform Certificate Service. This is necessary to attest the authenticity of a TD guest before a workload is started in it. The Quote Generate Service (QGS) runs on the host in a specialized enclave to generate and use TD quotes. For convenient setup these can run inside a Docker container. Learn more at https://download.01.org/intel-sgx/sgx-dcap/1.17/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf. The PCCS and QGS are used to get Quote for a TD guest. They need to be installed on TDX hosts.
NOTE: the following installation will be performed in a confidential VM. Make sure you have confidential VM booted before moving forward.
It supports to deploy CCNP services as DaemonSets in Kubernetes cluster or docker containers on a single confidential VM. Please refer to below guides for different deployment environments.
-
CCNP deployment guide - K8S: on confidential VM node of Kubernetes cluster.
-
CCNP deployment guide - Docker: on confidential VM using docker compose.
CCNP SDK can be used by a workload for cloud native primitives collecting. It needs to be installed within the workload container image and called whenever the primitives are required. For example, in your workload written in Python, you can install the SDK from PyPI using the command:
pip install ccnp
Alternatively, the CCNP can be installed from source code with the following command. Make sure to clone the repository into your confidential VM and then run the following command:
cd sdk/python3
pip install -e .
Follow the CCNP device plugin Installation Guide.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, contact the maintainers of the project.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
See CONTRIBUTING.md for details on building, testing, and contributing to these libraries.
If you encounter any bugs or have suggestions, please file an issue in the Issues section of the project.
Note: This is pre-production software and, as such, it may be substantially modified as updated versions are made available.
TCG PC Client Platform TPM Profile Specification
TCG PC Client Platform Firmware Profile Specification
Ruoyu Ying |
Hairongchen |
Lu Ken |
Jiahao Huang |
Ruomeng Hao |
Haokun Xing |
Wang, Hongbo |
Xiaocheng Dong |
LeiZhou |
Yanbo Xu |
Jialei Feng |
Jie Ren |
Robert Dower |
Steve Zhang |
Wenhui Zhang |