Arm’s confidential computing uses hardware to ensure security

Arm introduced its Armv9 chip platform this week as the first major upgrade for its architecture in a decade. And one of the key pillars was “confidential computing,” a hardware-based security initiative.

Arm is a chip architecture company that licenses its designs to others, and its customers have shipped more than 100 billion chips in the past five years. Nvidia is in the midst of acquiring Cambridge, United Kingdom-based Arm for $40 billion, but the deal is waiting on regulatory approvals.

During Arm’s press event, CEO Simon Segars said that Armv9’s roadmap introduces the Arm Confidential Compute Architecture (CCA). Confidential computing shields portions of code and data from access or modification while in use, even from privileged software, by performing the computation in a hardware-based secure environment, he said. More details will be released over time.

The processor can have secure enclaves, and that can create better security throughout the system. Usually, the model for software is to inherently trust the operating system and the hypervisor the software is running on, and that the highest tiers of software are allowed to see into the execution of the lower tiers. But if the operating system or hypervisor is compromised, that’s a risk.

CCA introduces a new concept of dynamically created “realms,” which can be viewed as secured containerized execution environments that are completely opaque to the OS or hypervisor. The hypervisor would still exist, but be solely responsible for scheduling and resource allocation. The realms instead would be managed by a new entity called the realm manager, which is supposed to be a new piece of code roughly a tenth the size of a hypervisor.

“The Arm Confidential Compute architecture will introduce the concept of dynamically created realms, usable by ordinary programs in a separate computation world from either the non-secure or secure world that we have today,” said Richard Grisenthwaite, chief architect at Arm, in a press briefing. “Realms use a small amount of trust and testable management software that is inherently separated from the operating system.”

Segars said that Realms are much like software containers, which isolate code in certain ways, but with hardware support.

“People are realizing that it matters,” said Mike Bursell, chief security architect at Red Hat, in a press briefing. “Confidential computing is about protecting your applications, your workloads from a host which is compromised or malicious or from external hackers. Keeping your workloads safe using hardware controls is how we think about confidential computing. People realize there are some workloads that they’re not happy about putting on the cloud or which are not safe on the edge, maybe because their boxes aren’t physically secure.”

Realms can protect commercially sensitive data and code from the rest of the system while it is in use, at rest, and in transit. In a recent survey of enterprise executives, more than 90% of the respondents believe that if confidential computing were available, the cost of security could come down, enabling them to dramatically increase their investment in engineering innovation. Overall, the chain of trust required for an application to run can be more limited, protecting the overall system if part of the system is compromised.

Henry Sanders, chief technology officer of Azure Edge and Platforms at Microsoft, said in a statement that the complexity of edge-to-cloud computing means that one-size-fits-all solutions don’t work. He believes more synergy between hardware and software with the Confidential Compute architecture is necessary to foster innovation.

Lee Caswell, vice president of marketing at VMware’s cloud platform business, said in a statement that Arm’s SmartNICs with VMware Project Monterey introduce a zero-trust security model with the goal of both improved security and better performance across a hybrid cloud.

“Arm is positioning itself as a high-performance and highly secure platform, stepping up its competition with x86 and to stay ahead of RISC-V,” said Kevin Krewell, an analyst with Tirias Research, in an email to VentureBeat. “The System Ready program is designed to improve the standardization of Arm-based chips to ease software compatibility. Arm is also preparing for an eventual merger with Nvidia, with its Mali graphics adding new features that mirror Nvidia’s RTX family.”

Patrick Moorhead, an analyst at Moor Insights & Strategy, said confidential computing is the next frontier in datacenter security, where every link in the chain has “zero trust” in each other. Armv9 incorporates many elements of confidential computing, and so he thinks Realms is a differentiator.

“It’s all about security against many different attack scenarios from a security perspective,” said Ron Martino, executive vice president and general manager of edge computing at NXP. “This includes both the data and the software IP, dealing with multiple entities, some trusted, some that aren’t trusted. And it also includes ensuring security against physical and remote attacks. So when you think about this whole computing concept and deploying devices, it’s this edge-to-cloud computing concept that is applying confidential computing.”

Dave Kleidermacher at Google said that confidential computing applies both to the cloud as well as mobile devices. He said one of the uses for confidential computing in the cloud is to stop fraud: Data can be extracted from each domain in a chain of payments, and that data that can point to evidence of fraud in a privacy-preserving way.

Richard Searle at Fortanix said the Linux Foundation has been trying to educate the tech community about confidential computing, but there’s still some confusion around it. “There’s still work to be done,” he said. “It’s a new market. But events like this can help get the message about what this new technology can bring to data and application security.”