Arm Confidential Compute Architecture
Our vision for the Arm Confidential Compute Architecture (CCA) is to protect all data and code wherever computing happens – unlocking the power and potential of data and AI. Arm CCA is a key component of the Armv9-A architecture, that will deliver on our goal of unlocking the benefits of confidential computing for every industry sector where microprocessors are used.
Confidential Computing: A New Model of Trust on the Arm Architecture
Computing has become a distributed utility where computing sessions can run on any platform that meets the required security policy. In this environment, the ability to trust the computing utility infrastructure is a crucial element in ensuring that people have confidence in the security and privacy of their information. This computing infrastructure is a prime target for cybercriminals, intent on stealing data and code. Confidential compute is a broad term used to refer to technologies that reduce the need to trust computing infrastructure, such as the need for processes to trust operating system kernels or the need for virtual machines to trust hypervisors. While threats span all industry sectors, the Arm architecture is unique in the breadth of form factors and markets where it is used and our partners are actively innovating and delivering confidential computing on Arm, using existing Armv8-A devices.
Arm CCA, introduced in Armv9-A, is the latest in a series of hardware and software architecture innovations that will extend the broad adoption of confidential computing to every industry sector where microprocessors are in use. Arm CCA builds on the strong security foundations of TrustZone and introduces the concept of dynamically created Realms - it is both evolution and revolution.
Realm Management Extension for Access Control
At the hardware level, the new Realm Management Extension (RME) protects all data and code even in use, enabling better control of who can access data and algorithms. This is the technology that will unlock the true power and potential of data sharing and AI.
RME supports a new type of attestable isolation environment called a Realm. Realms extend confidential compute to all software developers, democratizing secure computing. It also moves providers further from a position of will not access customer data to cannot access customer data. The RME reduces the volume of software that must be trusted, the attack surface for hackers and the opportunity for customer data breaches.
Realms provide additional execution environments to ordinary programs for the secure processing of confidential data. Realms are isolated from the existing Normal and Secure worlds that we have today in TrustZone. The security policy of a Realm is configured using a small amount of trusted and attestable software. This software is inherently separated from the Normal-world operating system and hypervisor, and from any Secure-world hypervisor and trusted OS.
Securely Run All Applications
Arm CCA security enables applications to run in a secure way and therefore be accepted, trusted and deployed. It leverages the Arm standardization that enables interoperability and portability ensuring ecosystem success.
Benefits of Arm CCA
Fully secures third-party data and code for its owner so that it is not accessible by platform owners.
Realms can work alongside TrustZone, ensuring minimal impact on existing trusted applications.
Applies to any market or form factor that uses microprocessors.
Democratizes secure computing for all developers, and increases scalability, not just those working closely with silicon vendors and device OEMs.
Realms can be used at the virtual machine level for seamless portability across the ecosystem of Arm devices.
Native support for attestation enables Realm owners to verify and prove the integrity of the underlying platform and Realm configuration.
How Realms Execute in a Protected Memory Space
The Realm Management Extension (RME) supports a new class of attestable isolation environment called a Realm. Realms are isolated from the existing Normal and Secure worlds that we have today in TrustZone.
As shown in the diagram below, RME protects mainstream computing workloads, such as virtual machines or containers from privileged software and hardware agents including the hypervisor, the Normal world kernel and even TrustZone applications.
Re-Evaluate Trust Relationships
Today, computing is a distributed utility where computing sessions can be run on any platform that meets the required security policy. The ability to trust this computing utility infrastructure is a crucial element in ensuring that people are confident about the security and privacy of their information.