< Back

Moving Beyond VMs with CoCo on Arm

June 6, 3:10 PM - 3:30 PM
Grand Ballroom Salon B

As Confidential Virtual Machines, supported by new hardware extensions such as AMD SEV-SNP and Intel TDX, are becoming the prevalent paradigm for confidential computing, the Confidential Containers (CoCo) project provides a simple adoption path to the cloud-native world.

The Arm Confidential Computing Architecture (Arm CCA) includes the Realm Management Extension (RME) hardware extensions in the new Armv9-A architecture and the required software stack to support Confidential Compute.

This session will examine our work, in terms of protocol/software standardization and implementation, to integrate Arm CCA with CoCo. The main components impacted were the Attestation Agent in charge of collecting attestation evidence and the Attestation Service responsible for validating it. We developed a Rust crate providing Arm CCA attestation primitives to enable CoCo to gather, verify and appraise attestation evidence. This library also acts as an endorsement and reference values store abstraction.

We will also present how CoCo's Attestation Service integrates with Veraison, an open-source attestation verifier, in a chained deployment topology.

Finally, we will showcase an end-to-end attestation flow in a demo setup.

About the speakers

Thomas Fossati

Principal Engineer, Linaro

Thomas is an engineer in the Linux Kernel WG at Linaro.

Mathias Brossard

Principal Security Architect, Arm

Mathias is a Principal Security Architect in the Architecture and Technology group at Arm.