Introducing the Confidential Compute Architecture

Over the last few years, we’ve seen security, and security breaches of hardware be at the forefront of news, with many vulnerabilities such as Spectre, Meltdown, and all of their sibling side-channel attacks showcasing that there’s a fundamental need for a re-think of how to approach security. One way Arm wants to address this overarching issue is to re-architect how secure applications work with the introduction of the Arm Confidential Compute Architecture.

Before continuing, I want to warn that today’s disclosures are merely high-level explanations of how the new CCA operates, with Arm saying more details on how exactly the new security mechanism works will be unveiled later this summer.

The goal of the CCA is to more from the current software stack situation where applications which are run on a device have to inherently trust the operating system and the hypervisor they are running on. The traditional model of security is built around the fact that the more privileged tiers of software are allowed to and are able to see into the execution of lower tiers, which can be an issue when the OS or the hypervisor is compromised in any way.

CCA introduces a new concept of dynamically creates “realms”, which can be viewed as secured containerised execution environments that are completely opaque to the OS or hypervisor. The hypervisor would still exist, but be solely responsible for scheduling and resource allocation. The realms instead, would be managed by a new entity called the “realm manager”, which is supposed to be a new piece of code roughly 1/10th the size of a hypervisor.

Applications within a realm would be able to “attest” a realm manager in order to determine that it can be trusted, which isn’t possible with say a traditional hypervisor.

Arm didn’t go into more depth of what exactly creates this separation between the realms and the non-secure world of the OS and hypervisors, but it did sound like hardware backed address spaces which cannot interact with each other.

The advantage of the usage of realms is that it vastly reduces the chain of trust of a given application running on a device, with the OS becoming largely transparent to security issues. Mission-critical applications that require supervisory controls would be able to run on any device as say opposed to today’s situation where corporate or businesses require one to use dedicated devices with authorised software stacks.

Not new to v9 but rather introduced with v8.5, MTE or memory tagging extensions are aimed to help with two of the most persistent security issues in the world’s software. Buffers overflows and use-after-free are continuing software design issues that have been part of software design for the past 50 years, and can take years for them to be identified or resolved. MTE is aimed at helping identify such issues by tagging pointers upon allocation and checking upon use.

Security is to Armv9 is what 64-bit was to Armv8 Future Arm CPU Roadmaps, mention of Raytracing GPUs
POST A COMMENT

74 Comments

View All Comments

  • rutamodi - Tuesday, April 27, 2021 - link

    We are the top leading IT company in surat that provides web designing, development, digital marketing, and graphic designing-related services.

    https://www.shreedama.com/services/web-development...
    https://www.shreedama.com/
    Reply
  • skavi - Tuesday, March 30, 2021 - link

    So is Matterhorn v8? I thought it was pretty much expected to launch with v9. Reply
  • dotjaz - Friday, April 2, 2021 - link

    "Armv9 designs to be unveiled soon, devices in early 2022"
    What exactly do you think? ARM will release Matterhorn v8 and Something v9 back to back expecting nobody to use v8 and Qualcomm and Samsung to tape out Something v9 which should be happening NOW for a Q4 production and early 2022 release?

    How stupid does that sound?
    Reply
  • brucethemoose - Tuesday, March 30, 2021 - link

    SVE2 is a huge existential threat for x86.

    Even if Intel, AMD, and VIA's subsidiaries agreed to standardize variable-width SIMD instructions overnight, ARM is still going to beat them to the punch. Heck, Intel couldn't even standardize AVX512 within their own product stack.
    Reply
  • lmcd - Tuesday, March 30, 2021 - link

    A) VIA doesn't matter.
    B) Intel and AMD could standardize this overnight.
    C) If they standardize this overnight, the only ARM implementation that will beat Intel and AMD to the punch will be internal-only Amazon chips and Apple. Might as well be a win.
    Reply
  • brucethemoose - Tuesday, March 30, 2021 - link

    Cores take a long time to design and produce. ARM and their licences presumably have some SVE2 designs in the pipeline by now.

    In addition, Fujitsu, Qualcomm (via Nuvia), Ampere, and Nvidia/ARM all have pretty compelling shots at competitive designs. There are probably more.

    AMD and Intel could be cooperating in secret, but that would be surprising. It would also catch developers by surprise, unless they do something simple like solidify AVX512 across the board, and break up instructions on smaller cores kinda like Zen 1 does.
    Reply
  • lmcd - Tuesday, March 30, 2021 - link

    The SVE2 core designs might be in the pipeline but my point is that the transition from core design -> SoC release appears to be pretty slow still.

    I suppose the data center SoCs might match or slightly beat an Intel/AMD implementation. I still can't see that mattering as much as making it available to developers on local hardware. Until there's a dev loop on a single affordable local device running mainline Linux or Windows with modern WDDM that supports SVE2, it's not a threat. It only affects data centers that are either priced into keeping their current architecture, or are too big to care and already switched.

    If Qualcomm delivers one of those in a laptop SoC, that could change the game. But imo that won't happen before Intel/AMD deliver.
    Reply
  • TheinsanegamerN - Tuesday, March 30, 2021 - link

    We've heard repeatedly that (X) will be the downfall of x86 for years now. ARM was prophacized in 2013 as the next big thing, and it went nowhere. SVE2 will only become a "threat" to x86 if implementations are available across the industry. Reply
  • michael2k - Tuesday, March 30, 2021 - link

    TSMC, not ARM, is currently the biggest threat to x86.
    After TSMC will be Samsung.
    Behind those two it is Apple, not ARM, that is the biggest threat to x86

    And they are all different threats. ARM is slowly displacing x86 as more and more people use Android, iOS, and Chromebooks, and including Macs Intel's market share has dropped a measurable amount in the last decade, assuming Apple doesn't lose customers over their ARM switch.
    Reply
  • dotjaz - Tuesday, March 30, 2021 - link

    You stupid? Zen2 onwards are built by TSMC, how are they a "threat" to x86? Intel ≠ x86. Reply

Log in

Don't have an account? Sign up now