Jason Rogers

Chief Executive Officer, Invary

Jason is the Chief Executive Officer of Invary, a cybersecurity company specializing in validating the runtime integrity of operating systems and detecting sophisticated rootkits that confuse existing security stacks. Invary is based on an exclusive IP license from the NSA. Prior to joining Invary, Jason served as the Vice President of Platform at Matterport, which manages terabytes of spatial data from over 10 million physical properties and serves nearly 1 billion 3-D virtual tours a year. Jason has also successfully launched a consumer-facing IoT platform for Lowe's and developed numerous software products for Motorola.

Jason's session

Strengthening Confidentiality with Multiple Attestations

June 5, 3:25 PM - 3:45 PM
Imperial Room A

This session is a collaboration between AMD's SEV-SNP team, the NSA's Trusted Mechanisms research group, and Invary.

We intend to showcase the NSA's open-source Maat Measurement and Attestation Framework, which orchestrates attestations of host and guest OS boot and runtime integrity, together with guest memory integrity (AMD SEV-SNP).

We will thus show how aggregated attestations benefit confidential computing workloads, serving both the workload owner using the guest and the manager of the host.

We will demonstrate multiple use cases with varying levels of confidentiality, providing optionality to end users, for example:

1. A confidential environment in which all components have integrity, as seen through a single aggregated output via Maat.

2. An environment where the host OS lacks runtime integrity because of a rootkit attack, but the guest maintains OS and memory runtime integrity. This scenario allows for a separation of response between the owner of a confidential workload and the owner of the host.

3. An environment where the guest lacks memory integrity, but the host and guest have OS integrity.

4. An environment where the guest lacks OS runtime integrity but maintains memory confidentiality.

The key takeaways are:

1. The benefits of open-source frameworks like Maat to aggregate and orchestrate multiple third-party attestations.

2. An understanding of the layered architecture of a confidential computing environment and how each layer, if compromised, can impact the others.

3. The importance of attestation in confidential computing.

4. Exposure to the Copland language, used for expressing attestations (as described in "Flexible Mechanisms for Remote Attestation", DOI: 10.1145/3470535).