Integrating with Intel® Tiber™ Trust Services and Intel TDX for Confidential Computing
Caution
This feature is a technical preview for evaluation in non-production environments. Details and functionality are subject to change.
Confidential Computing is a cloud computing technology that isolates and protects data on Confidential Virtual Machines (CVMs), or Trust Domains (TDs), while an application is processing it, protecting it from a broad range of software attacks. Confidential computing ensures that all data operations are executed within a Trusted Execution Environment.
Confidential Computing provisioning requires Intel® Tiber™ Trust Services (ITTS) to attest the CVMs, or TDs, and establish a Trusted Execution Environment around them. ITTS acts as the verifier in a remote attestation architecture. In a Remote Attestation procedure, one peer (the "Attester") produces cryptographic information about itself ("Evidence") so that a remote peer (the "Relying Party") can decide whether to consider the Attester a trustworthy peer. In this case, CipherTrust Manager is the Relying Party.
CipherTrust Transparent Encryption (CTE) and CipherTrust Manager manage the attestation process to provision confidential computing on VMs running CTE agents, providing end-to-end data protection. In this model, CTE gathers the evidence and provides it to CipherTrust Manager, which has it attested by ITTS. If attestation fails, CTE prevents access to the encrypted data that it guards.
Requirements & Specifications
System | Description
---|---
Attestation Authority | Intel® Tiber™ Trust Services (ITTS)
Agent Requirements | Minimum versions listed. Subsequent versions also valid.
CipherTrust Manager Minimum Version | 2.18
CipherTrust Transparent Encryption Minimum Version | 7.7.0
Prerequisites
- Install CipherTrust Manager v2.18, or a subsequent version, on a virtual or physical system.
- Obtain a valid account for Microsoft Azure.
- Obtain an Intel® Tiber™ Trust Services account.
- Install and configure Microsoft Authenticator on your mobile phone.
Note
For the purposes of this documentation, we have documented use of Microsoft Authenticator as the Multi-Factor Authentication (MFA) program. You can use any MFA application with the portal. See How to Add Additional Authentication Methods to set up and use an alternative MFA provider.
Provision a TDX machine from Microsoft Azure
TDX is the remote attestation service.
- Log in to the Azure Portal.
- Open Microsoft Authenticator to obtain an authorization code.
- Enter that Microsoft Authenticator code in the dialog on the Azure Portal page.
- From the home page of the Azure portal, click Create Resource.
- Click Virtual Machine > Create and follow the on-screen instructions to create a VM.
Field Name | Value
---|---
Security Type | Confidential virtual machine
OS Image | Ubuntu Server 22.04 LTS (Confidential VM) - x64 Gen 2
VM architecture | x64
Size | Standard DC4eds_v5 or larger
Note
Secure boot is enabled by default. You can disable it once the Confidential virtual machine security type is selected. A link appears for configuring the security features. Toggle the Enable secure boot option to disable it.
- Click Review & Create.
Validate TDX machine
- List the contents of /dev/tpm, type:
ls -l /dev/tpm*
Result
crw-rw---- 1 tss root 10, 224 Aug 14 22:25 /dev/tpm0
crw-rw---- 1 tss tss 253, 65536 Aug 14 22:25 /dev/tpmrm0
- Verify that Intel TDX is activated by searching the kernel log, type:
sudo dmesg | grep TDX
Result
[ 0.902814] Memory Encryption Features active: Intel TDX
- Verify that the TPM (Trusted Platform Module) is present by searching the kernel log, type:
sudo dmesg | grep TPM
Result
[ 0.000000] efi: ACPI=0xbfffa000 ACPI 2.0=0xbfffa014 SMBIOS=0xbff85000 SMBIOS 3.0=0xbff83000 TPMFinalLog=0xbeb39000 MEMATTR=0xbf414018 MOKvar=0xbf402000 INITRD=0xbea62c18 RNG=0xbffd2018 TPMEventLog=0xb6fb3018
[ 0.070902] ACPI: TPM2 0x00000000BFFD3000 000034 (v03 VRTUAL VTPM 00000001 MSFT 00000001)
[ 0.094058] ACPI: Reserving TPM2 table memory at [mem 0xbffd3000-0xbffd3033]
Reference Information
Install the Trusted Platform Module tools on your Agent VM
- Download the Trusted Platform Module (TPM) tools, type:
git clone https://github.com/tpm2-software/tpm2-tools
- Install the Trusted Platform Module (TPM) tools on the CipherTrust Transparent Encryption agent, type:
apt install tpm2-tools
Creating Keys and Policies in the Intel Portal
- Open Microsoft Authenticator on your mobile phone. The Intel Portal login requests an authentication code from Microsoft Authenticator to access the site.
- Log in to the Intel Portal.
- Create an Attestation API key. You can associate it with either a simple policy, or one with an MRTD (Measurement of Trust Domain) value.
- In the navigation bar on the left, click Manage Policies.
- Click Add a Policy. Follow the on-screen instructions for creating a policy.
Field Name | Value
---|---
Attestation Type | TDX Attestation
Policy Type | Appraisal policy with an MRTD value, or a Simple Policy such as the following:
default matches_sgx_policy = false
matches_sgx_policy = true {
    input.tdx_is_debuggable == false
    input.attester_tcb_status = "UpToDate"
}
- To find the TDX MRTD value, on the CipherTrust Transparent Encryption agent, type:
sudo tpm2_nvread --offset=560 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'
- To find the TDX MRSEAM value, on the CipherTrust Transparent Encryption agent, type:
sudo tpm2_nvread --offset=312 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'
- Add the policy that you created in the previous step to your API key.
- Create an Admin API Key.
- In the navigation bar on the left, click Admin API Keys.
- Select the View icon for the API key that you want to copy.
- Select the Copy icon. The API key is copied to your clipboard.
- Alternatively, to create a new API key, click Delete/Regenerate API Key.
- Use the API key with the Trust Services CTL CLI utility to manage admins and users.
Reference Information
To learn how to create an Intel Trust Services policy, consult the following Intel documentation:
CipherTrust Manager Requirements
Create an Attestation Authority Connection
Provisioning Confidential Computing on CTE clients requires one admin connection (connection with administrator privileges) and one non-admin connection (connection without administrator privileges). The admin connection is necessary to retrieve the policies from the Attestation Authority. CipherTrust Manager uses the connection details to communicate with ITTS for agent attestation when a request is received from the agent.
To create the Attestation Authority connections:
- Log on to CipherTrust Manager.
- In the left nav-bar, click Access Management > Connections.
- Select + Add Connection.
- In Select Connection Type, click More.
- From the Select Connection dropdown, select Attestation Authority and click Next.
- In the General Info section, enter the Name and Description for the connection and click Next.
- In Configure Connection, create an Admin User Connection by selecting from the following options. Choose the European or US URLs based on which is valid for your account:
Field Name | Value | Description
---|---|---
URL for API method | https://api.trustauthority.intel.com | URL for connecting to the Attestation Authority.
Base European URL | https://portal.eu.trustauthority.intel.com | Base URL for the Attestation Authority.
Base U.S. URL | https://portal.trustauthority.intel.com | Base URL for the Attestation Authority.
API Key | | Provide either the Admin API key or the Attestation API key created in ITTS to establish the connection with the Attestation Authority.
Base API European URL | https://api.eu.trustauthority.intel.com | Base URL for API connection.
Base API U.S. URL | https://api.trustauthority.intel.com | Base URL for API connection.
- Select Admin User to create a connection with administrator privileges. Click Next.
- In the Add Products section, select the CTE checkbox.
- Click Add Connection.
- Repeat these steps to create the non-admin Attestation connection. Do not select Admin User in step 8.
Note
In CipherTrust Manager, select Access Management > Connections, then click the ellipsis (...) to View, Edit, or Delete the connections.
Create a Global Client Profile
Create a Client Profile to associate with the Attestation Authority connection.
- In the CipherTrust Manager dashboard, click Access Management > Client Profiles > Add Client Profile.
- Enter Profile Name and Description.
- Select CA Type: Local or External.
- Select the respective Local or External CA in Select <CA Type> CA.
- Enter the Certificate Duration (in days) for which the CA certificate remains active.
- Expand the CONFIDENTIAL COMPUTING section and add the following details:
Field Name | Value | Description
---|---|---
Attestation Authority Identifier | Intel Trust Authority (ITTS) |
Attestation Type | TDX Attestation |
Attestation Connection | Select a non-admin connection |
Admin Connection | Select an admin connection | Note: Admin and non-admin type connections should belong to the same Attestation Authority.
Policy Type | Appraisal policy | These policies are fetched from the Attestation Authority server. You can select appraisal policies.
Policy Names | <policy_names> | Select one or more policies from the drop-down menu.
Cloud Provider | Azure |
- Click Add/Update Client Profile.
Create a Registration Token
Create a registration token on the CipherTrust Manager. You must have administrator privileges to create registration tokens.
- Log on to the CipherTrust Manager GUI as administrator.
- In the left pane, click Access Management > Registration Tokens.
- On the right, click Add Registration Token. The Create New Registration Token wizard displays.
- Click Begin to start token creation. The Configure Token screen displays.
- (Optional) Specify a Name Prefix for the client name. This prefix is used to construct names for clients whose names are not specified during registration with the CipherTrust Manager using this token.
  - If the name prefix is specified as ks_client, client names will be constructed as ks_client#; for example, ks_client1, ks_client2, ks_client3, and so on. However, if a client's name is specified during registration, this name prefix is not used for that client.
  - If the name prefix is not specified, the CipherTrust Manager will construct a random name for clients.
- Set the Token Lifetime. You must include a time unit with it, such as:
Token Lifetime Span | Value
---|---
10 m | 10 minutes
10 h | 10 hours
10 d | 10 days
unlimited | Never expires
- Specify Client Capacity. This is the maximum number of clients that can be registered using this registration token. The default capacity is 100 clients.
- Select Add Profile and add the client profile that you just created.
- Click Create Token. The Create Token screen displays the generated registration token in ASCII and Base64 encoding. CipherTrust Manager accepts the registration token in ASCII format only.
- Click Copy next to the token to save the copied token. Use this token when registering and migrating clients.
Install and Register CipherTrust Transparent Encryption with a Confidential Computing Azure VM
Prerequisites
Ubuntu Users Only
Before installing CipherTrust Transparent Encryption, you must disable the Ubuntu unattended upgrade feature in order to prevent it from automatically upgrading to a kernel version that CipherTrust Transparent Encryption has yet to support. Once the Azure kernel is upgraded, there does not appear to be a method to downgrade it, or choose a compatible kernel version.
To disable the Ubuntu unattended upgrade feature:
- Type the following command:
dpkg-reconfigure unattended-upgrades
- Choose No to the question about automatic updates.
- Verify that the following configuration file shows 0 values, type:
cat /etc/apt/apt.conf.d/20auto-upgrades
Expected Response
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
Install CipherTrust Transparent Encryption
- Install CipherTrust Transparent Encryption v7.7.0, or a subsequent version, on the VM on which you installed the TPM tools, type:
sudo ./vee-fs-7.7.0-48-ubuntu22-x86_64.bin -y
- During registration, select to enable Confidential Computing.
- Log on to the host where you will install the CTE Agent as root. You cannot install the CTE Agent without root access.
- Copy or mount the installation file to the host system. If necessary, make the file executable with the chmod command.
- Install the CTE Agent. A typical installation uses the following syntax:
./vee-fs-<release>-<build>-<system>.bin
For example:
./vee-fs-7.3.0-135-rh8-x86_64.bin
To install the CTE Agent in a custom directory, use the -d <custom-dir> option. For example:
./vee-fs-7.3.0-135-rh8-x86_64.bin -d /home/my-cte-dir/
Note
If possible, Thales recommends that you use the default directory /opt/vormetric.
To view all installer options, use the -h parameter. For example:
./vee-fs-7.3.0-135-rh8-x86_64.bin -h
- The Thales License Agreement displays. When prompted, type Y and press Enter to accept.
The install script installs the CTE Agent software in either /opt/vormetric or your custom installation directory and then prompts you about registering the CTE Agent with a key manager.
Welcome to the CipherTrust Transparent Encryption File System Agent Registration Program.

Agent Type: CipherTrust Transparent Encryption File System Agent
Agent Version: <Release.build-number>

In order to register with a CipherTrust Manager you need a valid registration token from the CM.

Do you want to continue with agent registration? (Y/N) [Y]:
- Type N and press Enter to end the installation procedure without registering the CTE Agent with a key manager.
- Enter Y to continue with the registration process. The install script prompts you to enter the host name or IP address of the CipherTrust Manager with which you want to register CTE. For example:
Do you want to continue with agent registration? (Y/N) [Y]: Y
Please enter the primary key manager host name: 10.3.200.141
You entered the host name 10.3.200.141
Is this host name correct? (Y/N) [Y]: Y
Alternatively, when the key manager is reached through a service host name (see the host names below):
Do you want to continue with agent registration? (Y/N) [Y]: Y
Enter the primary key manager host name of the service: us1.ciphertrust.dpondemand.io
You entered the host name us1.ciphertrust.dpondemand.io
Is this host name correct? (Y/N) [Y]: Y
Host names:
- Europe: ciphertrust.dpondemand.io
- North America: us1.ciphertrust.dpondemand.io
Note
The default communication port is 443. If you want to specify a different communication port, enter it with the primary key manager host name in the format:
<hostName>:<port#>
- Enter the client host name when prompted.
Please enter the host name of this machine, or select from the following list.
[1] sys31186.qa.com
[2] 10.3.31.186
Enter a number, or type a different host name or IP address in manually:
What is the name of this machine? [1]: 2
You selected "10.3.31.186".
- Enter the CipherTrust Manager registration token, profile name, host group and host description. If you omit the profile name, CipherTrust Manager associates the default client profile with this client.
Please enter the registration token: 12345
Please enter the profile name for this host: My-Profile
Please enter the host group name for this host, if any:
Please enter a description for this host: RHEL7 system West Coast Datacenter

Token : 12345
Profile name : My-Profile
Host Group : (none)
Host description : RHEL7 system West Coast Datacenter
Are the above values correct? (Y/N) [Y]: Y
- At the hardware association prompt, select whether you want to enable the hardware association feature to prevent cloning. The default is Y (enabled):
It is possible to associate this installation with the hardware of this machine. If selected, the agent will not contact the key manager or use any cryptographic keys if any of this machine's hardware is changed. This can be rectified by running this registration program again.
Do you want to enable this functionality? (Y/N) [Y]: Y
- Type Y to support Filesystem encryption and to choose other features. Type N if you only want to support Ransomware Protection. If you type N, then LDT and COS are not supported.
Do you want this host to have Filesystem encryption support enabled on the server? (Y/N) [Y]:
- At the LDT prompt, specify that you want this client to use CTE-LDT by typing Y and pressing Enter:
Do you want this host to have LDT support enabled on the server? (Y/N) [N]: Y
- If you are planning to create GuardPoints on NFS shares, enter the name of the LDT Communication Group that this node will join.
Enter the LDT Communication Group name: LCG1
Warning
The registration token, profile name, client group name and LDT Communication Group name are case-sensitive. If any of these are entered incorrectly, the client registration will not succeed. If the registration fails, click Back in the installer and verify that the case is correct for all entries on this page.
- At the Cloud Object Storage (COS) prompt, specify whether you want this client to use CTE COS.
Do you want to configure this host for Cloud Object Storage? (Y/N) [N]:
- Specify whether you want to enable Ransomware Protection.
Do you want this host to have Ransomware Protection support enabled on the server? (Y/N) [N]:
- CTE finishes the installation and registration process.
Generating key pair for the kernel component...done.
Extracting SECFS key
Generating EC certificate signing request for the vmd...done.
Signing certificate...done.
Enrolling agent with service on 10.3.200.141...done.
Successfully registered the CipherTrust Transparent Encryption CTE Agent with the CipherTrust Manager on 10.3.200.141.
Installation success.
- In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
Validate Confidential Computing on the CTE Agent for Attestation
- Verify that your CTE agent is capable of confidential computing, type:
sudo /opt/vormetric/DataSecurityExpert/agent/vmd/bin/vmutil -a vmd cc_check
Result if validation succeeds
This system is capable of confidential computing.
Result if validation fails
This system is not capable of confidential computing
In the UI, CipherTrust Manager displays Warning in the status column and displays a banner message indicating that the Agent failed attestation.
- If using a policy with an MRTD value, validate that the MRTD value in the policy and on the Agent are the same, type:
sudo tpm2_nvread --offset=560 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'
It should be the same as the MRTD value in this file:
cat /opt/vormetric/DataSecurityExpert/agent/vmd/etc/attestation.txt
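The two tpm2_nvread pipelines in the Intel Portal section (MRTD at offset 560, MRSEAM at offset 312) and the comparison step just above all reduce to the same operation: slice 48 bytes out of the report held at NV index 0x01400001 and hex-encode them. The following Python script is an added example, not Thales or Intel code. It performs that slicing on a constructed sample report so that it runs offline, compares the agent's value with the policy's value in constant time, and includes a helper that reads the real index with tpm2_nvread (assumed to be installed and run as root on the TD, as in the commands above). The layout of attestation.txt is not described on this page, so the expected MRTD is passed in as a plain hex string.

```python
"""Extract MRTD and MRSEAM from the TD report stored at TPM NV index 0x01400001.

Added example (not Thales or Intel code). It mirrors the two tpm2_nvread
pipelines on this page: 48 bytes at offset 560 are MRTD, 48 bytes at offset
312 are MRSEAM. The rest of the blob is treated as opaque, and the sample
report built below is constructed, not captured from a real TD.
"""
import hmac
import subprocess

NV_INDEX = "0x01400001"          # index read by the tpm2_nvread commands on this page
MRTD_OFFSET, MRTD_SIZE = 560, 48
MRSEAM_OFFSET, MRSEAM_SIZE = 312, 48


def extract_measurements(report: bytes) -> dict:
    """Return MRTD and MRSEAM as lowercase hex, the form `xxd -p | tr -d '\\n'` prints."""
    needed = max(MRTD_OFFSET + MRTD_SIZE, MRSEAM_OFFSET + MRSEAM_SIZE)
    if len(report) < needed:
        raise ValueError(f"report too short: {len(report)} bytes, need at least {needed}")
    return {
        "mrtd": report[MRTD_OFFSET:MRTD_OFFSET + MRTD_SIZE].hex(),
        "mrseam": report[MRSEAM_OFFSET:MRSEAM_OFFSET + MRSEAM_SIZE].hex(),
    }


def measurements_match(agent_value: str, policy_value: str) -> bool:
    """Compare the agent's hex string with the policy's, ignoring case and
    surrounding whitespace (a trailing newline from a pasted value is common)."""
    a = agent_value.strip().lower().encode()
    b = policy_value.strip().lower().encode()
    return hmac.compare_digest(a, b)


def build_sample_report() -> bytes:
    """Constructed sample: zero-filled 1024-byte blob with recognisable
    markers at the MRSEAM and MRTD offsets."""
    buf = bytearray(1024)
    buf[MRSEAM_OFFSET:MRSEAM_OFFSET + MRSEAM_SIZE] = b"\xaa" * MRSEAM_SIZE
    buf[MRTD_OFFSET:MRTD_OFFSET + MRTD_SIZE] = bytes(range(1, MRTD_SIZE + 1))
    return bytes(buf)


def read_report_from_tpm() -> bytes:
    """Read the whole NV index with tpm2_nvread (assumes tpm2-tools is installed
    and this runs as root on the TD, as in the page's commands). Not used by
    the offline demo below."""
    result = subprocess.run(
        ["tpm2_nvread", "-C", "o", NV_INDEX], check=True, capture_output=True
    )
    return result.stdout


if __name__ == "__main__":
    # Offline demo on the constructed report; swap in read_report_from_tpm() on a TD.
    measured = extract_measurements(build_sample_report())
    # Stands in for the MRTD copied from the ITTS policy (assumed to be plain hex).
    policy_mrtd = measured["mrtd"].upper() + "\n"
    print("MRTD  :", measured["mrtd"])
    print("MRSEAM:", measured["mrseam"])
    print("matches policy MRTD:", measurements_match(measured["mrtd"], policy_mrtd))
```

On a TD, replace build_sample_report() with read_report_from_tpm() and pass the MRTD from the ITTS policy as the second argument of measurements_match; a False result is the same mismatch the manual comparison above is meant to catch.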
Note
Attestations fail when the TCB status becomes out-of-date. The following is an example from the attestation report:
"attester_tcb_status": "OutOfDate"
Attestations will continue to fail until Azure rolls out a new paravisor with the updated TCB on the VM. (This also means new measurements, such as the MRTD values, which you will need to update in the attestation policy.)
To temporarily work around this out-of-date TCB issue, remove the following line from the attestation policy:
input.attester_tcb_status = "UpToDate"
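The note above describes one way an appraisal fails (attester_tcb_status reported as OutOfDate) and a temporary workaround (dropping that rule from the policy). The following Python module is an added example, not Thales or Intel code. It re-implements the simple policy from the Intel Portal section, plus an MRTD-pinning variant, as a plain function over a claim set, and runs constructed claim sets through both the original and the relaxed policy so that the effect of the workaround is visible: an out-of-date TCB is accepted, while a debuggable TD or an unexpected MRTD is still rejected. The claim names tdx_is_debuggable and attester_tcb_status are the ones quoted on this page; tdx_mrtd is assumed here to be the claim that carries the MRTD.

```python
"""Appraise TDX attestation claims the way the page's simple Rego policy does.

Added example (not Thales or Intel code). Claim names tdx_is_debuggable and
attester_tcb_status are quoted on this page; tdx_mrtd is assumed to be the
claim carrying the MRTD. The claim sets below are constructed samples, not
real attestation tokens.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """One flag per line of the Rego rule body; every enabled rule must hold."""
    require_not_debuggable: bool = True        # input.tdx_is_debuggable == false
    require_tcb_up_to_date: bool = True        # input.attester_tcb_status = "UpToDate"
    allowed_mrtd: frozenset = frozenset()      # empty: simple policy, no MRTD pinning


# The simple policy exactly as shown in the Intel Portal section.
SIMPLE_POLICY = Policy()
# The policy after the temporary workaround in the note: TCB rule removed.
TCB_RELAXED_POLICY = Policy(require_tcb_up_to_date=False)

# Constructed 48-byte MRTD (hex), standing in for the value tpm2_nvread prints.
GOOD_MRTD = "ab" * 48
MRTD_POLICY = Policy(allowed_mrtd=frozenset({GOOD_MRTD}))

# Constructed claim sets, shaped like the fields quoted from the attestation report.
CLAIMS_HEALTHY = {
    "tdx_is_debuggable": False,
    "attester_tcb_status": "UpToDate",
    "tdx_mrtd": GOOD_MRTD,
}
CLAIMS_TCB_OUT_OF_DATE = {**CLAIMS_HEALTHY, "attester_tcb_status": "OutOfDate"}
CLAIMS_DEBUG_TD = {**CLAIMS_HEALTHY, "tdx_is_debuggable": True}
CLAIMS_OTHER_IMAGE = {**CLAIMS_HEALTHY, "tdx_mrtd": "00" * 48}


def appraise(claims: dict, policy: Policy) -> tuple:
    """Return (matches, reasons). A missing claim fails its rule, just as an
    undefined reference makes a Rego rule body fail."""
    reasons = []
    if policy.require_not_debuggable and claims.get("tdx_is_debuggable") is not False:
        reasons.append("tdx_is_debuggable is not false (debug mode weakens TD isolation)")
    if policy.require_tcb_up_to_date and claims.get("attester_tcb_status") != "UpToDate":
        reasons.append(
            f"attester_tcb_status is {claims.get('attester_tcb_status')!r}, not 'UpToDate'"
        )
    if policy.allowed_mrtd:
        mrtd = str(claims.get("tdx_mrtd", "")).lower()
        if mrtd not in policy.allowed_mrtd:
            reasons.append("tdx_mrtd is not one of the MRTD values pinned in the policy")
    return (not reasons, reasons)


if __name__ == "__main__":
    cases = [
        ("healthy TD, simple policy", CLAIMS_HEALTHY, SIMPLE_POLICY),
        ("TCB OutOfDate, simple policy", CLAIMS_TCB_OUT_OF_DATE, SIMPLE_POLICY),
        ("TCB OutOfDate, TCB rule removed", CLAIMS_TCB_OUT_OF_DATE, TCB_RELAXED_POLICY),
        ("debug TD, TCB rule removed", CLAIMS_DEBUG_TD, TCB_RELAXED_POLICY),
        ("other image, MRTD policy", CLAIMS_OTHER_IMAGE, MRTD_POLICY),
    ]
    for name, claims, policy in cases:
        ok, why = appraise(claims, policy)
        print(f"{name}: {'match' if ok else 'no match'} {why}")
```

Running the module shows why the workaround should stay temporary: TCB_RELAXED_POLICY accepts a TD whose TCB is OutOfDate, which is exactly the condition the original rule exists to catch, so restore the line once Azure has rolled out the updated paravisor and the new MRTD values are in the policy.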
Confidential Computing Policies
There are no special CTE policies for Confidential Computing. Create standard and LDT policies as usual.
Confidential Computing GuardPoints
There are no special GuardPoints for Confidential Computing. Create GuardPoints as usual.