Confidential Computing: Integrating Intel® Tiber™ Trust Services and Intel TDX, with Microsoft Azure or Google Cloud Platform
Note
This feature is not compatible when using CipherTrust Transparent Encryption with CipherTrust Data Security Platform Services (CDSPaaS).
Confidential Computing is a cloud computing technology that can isolate and protect data on Confidential Virtual Machines (CVMs), or Trusted Domains (TDs), while it is being processed by the application, to protect it from a broad range of software attacks. Confidential Computing ensures that all data operations are executed within a Trusted Execution Environment.
Confidential Computing provisioning requires Intel® Tiber™ Trust Services (ITTS) to attest the CVMs, or TDs, and create a Trusted Execution Environment around them. ITTS is the verifier in a remote attestation architecture. In a remote attestation procedure, one peer (the "Attester") produces cryptographic information about itself ("Evidence") so that a remote peer (the "Relying Party") can decide whether or not to consider that Attester trustworthy. In this case, CipherTrust Manager is the Relying Party.
Confidential Computing is available for MISSING VARIABLE: cc. MISSING VARIABLE: cc and CipherTrust Manager manage the attestation process to provision confidential computing on the VMs on which the agents run, providing End-To-End Data Protection. The role of MISSING VARIABLE: cc in this confidential computing model is to gather the evidence and provide it to CipherTrust Manager, which has it attested by ITTS. If attestation fails, MISSING VARIABLE: cc prevents access to the encrypted data that it guards.
Requirements & Specifications
System | Description
---|---
Attestation Authority | Intel® Tiber™ Trust Services (ITTS)
Agent requirements | Note: Support available for the following.
CipherTrust Manager Minimum Version | 2.20
CipherTrust Transparent Encryption Minimum Version | 7.8.0
CTE-U Minimum Version | 10.5.0
Prerequisites
- Install CipherTrust Manager v2.20, or a subsequent version, on a virtual or physical system.
- Obtain a valid account for one of the following environments:
- Obtain an Intel® Tiber™ Trust Services account.
- Install and configure Microsoft Authenticator on your mobile phone.
Note
For the purposes of this documentation, we have documented use of Microsoft Authenticator as the Multi-Factor Authentication (MFA) program. You can use any MFA application with the portal. See How to Add Additional Authentication Methods to set up and use an alternative MFA provider.
Creating Keys and Policies in the Intel Portal
- Open Microsoft Authenticator on your mobile phone. The login requests an authentication code from Microsoft Authenticator to access the site.
- Login to the Intel Portal.
- Create an Attestation API key. You can associate it with either a simple policy, or one with an MRTD (Measurement of Trust Domain) value.
  - In the navigation bar on the left, click Manage Policies.
  - Click Add a Policy. Follow the on-screen instructions for creating a policy.

    Field Name | Value
    ---|---
    Attestation Type | TDX
    Attestation Policy Type | Appraisal policy with an MRTD value.
    Simple Policy | `default matches_sgx_policy = false` followed by `matches_sgx_policy = true { input.tdx_is_debuggable == false }`

  - To find the TDX MRTD value, on the CipherTrust Transparent Encryption agent, type:

    sudo tpm2_nvread --offset=560 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'

  - To find the TDX MRSEAM value, on the CipherTrust Transparent Encryption agent, type:

    sudo tpm2_nvread --offset=312 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'

  - Add the policy that you created in the previous step to your API key.
- Create an Admin API Key.
  - In the navigation bar on the left, click Admin API Keys.
  - Select the View icon for the API key that you want to copy.
  - Select the Copy icon. The API key is copied to your system clipboard.
  - Alternatively, to create a new API key, click Delete/Regenerate API Key.
  - Use the API key with the Trust Services CTL CLI utility to manage admins and users.
Reference Information
To learn how to create an Intel Trust Services policy, consult the following Intel documentation:
Provisioning TDX machines
Select to provision TDX machines for either Microsoft Azure or Google Cloud Platform.
Provision a TDX machine from Microsoft Azure
- Login to the Azure Portal.
- Open Microsoft Authenticator to obtain an authorization code.
- Enter that Microsoft Authenticator code in the dialog on the Azure Portal page.
- From the home page of the Azure portal, click Create Resource.
- Click Virtual Machine > Create and follow the on-screen instructions to create a VM.

  Field Name | VM Type | Value
  ---|---|---
  Security Type | TDX | Confidential virtual machine
  OS Image | TDX | Ubuntu Server 24.xx LTS (Confidential VM) - x64 Gen 2
  VM architecture | TDX | x64
  Size | TDX | Standard DC4eds_v5 or larger

  Note
  Secure boot is enabled by default. You can disable it once the Confidential virtual machine security type is selected. A link appears for configuring the security features. Toggle the Enable secure boot option to disable it.
- Click Review & Create.
Reference Information
Validate TDX machine
- List the contents for /dev/tpm, type:

  ls -l /dev/tpm*

  Result

  crw-rw---- 1 tss root 10, 224 Aug 14 22:25 /dev/tpm0
  crw-rw---- 1 tss tss 253, 65536 Aug 14 22:25 /dev/tpmrm0

- Verify that Intel TDX is activated by searching the kernel log, type:

  sudo dmesg | grep TDX

  Result

  [0.902814] Memory Encryption Features active: Intel TDX

- Verify that the TPM (Trusted Platform Module) is valid by searching the kernel log, type:

  sudo dmesg | grep TPM

  Result

  [ 0.000000] efi: ACPI=0xbfffa000 ACPI 2.0=0xbfffa014 SMBIOS=0xbff85000 SMBIOS 3.0=0xbff83000 TPMFinalLog=0xbeb39000 MEMATTR=0xbf414018 MOKvar=0xbf402000 INITRD=0xbea62c18 RNG=0xbffd2018 TPMEventLog=0xb6fb3018
  [ 0.070902] ACPI: TPM2 0x00000000BFFD3000 000034 (v03 VRTUAL VTPM 00000001 MSFT 00000001)
  [ 0.094058] ACPI: Reserving TPM2 table memory at [mem 0xbffd3000-0xbffd3033]
Install the Trusted Platform Module tools on your Agent VM
- Download and install the Trusted Platform Module (TPM) tools, type:

  apt update
  apt install tpm2-tools
  apt install libnsl2
  apt install libatomic1
Provision a TDX machine from Google Cloud Platform
Prerequisites
- Obtain an image of Ubuntu 24.xx LTS.

Use Google Cloud (GCP) to Grant access to all VM instances in a project

- Grant access to all VM instances in a project, type:

  gcloud projects add-iam-policy-binding thl-ite-d-itecc \
    --member='group:gcp-ite-itecc@thalescloud.io' \
    --role='roles/iap.tunnelResourceAccessor' \
    --impersonate-service-account=automation@thl-ite-d-itecc.iam.gserviceaccount.com

Note
Change the Thales-related values (project ID, group and service account) to values appropriate for your network.
Reference Information
Check Network (VPC) and firewall flow
Warning
Your network security rules must allow public IP for external connection enabled. Otherwise, CTE agent registration may fail.
Create a GCP TDX VM
- Log in and set up the project ID.
- Create a network, type:

  gcloud compute networks create tdx-default-network \
    --subnet-mode=auto \
    --bgp-routing-mode=regional

  With `--subnet-mode=auto`, Google Cloud assigns the subnet IPv4 ranges and gateways, so no network-specific range values are required.
- Create a firewall rule that allows SSH connections, type:

  gcloud compute firewall-rules create allow-ssh --network tdx-default-network --allow tcp:22

- Create the VM, type:

  gcloud compute instances create tdxvm-cpl-gcp \
    --machine-type c3-standard-4 --zone us-central1-a \
    --confidential-compute-type=TDX \
    --on-host-maintenance=TERMINATE \
    --image-family=ubuntu-2404-lts \
    --image-project=tdx-guest-images \
    --project cpl-tdx-l-tdxpreview-01 \
    --subnet "tdx-default-network"

- Connect to the VM with the gcloud SDK, type:

  gcloud compute ssh tdxvm-cpl-gcp \
    --project=cpl-tdx-l-tdxpreview-01 \
    --zone=us-central1-a

  Note
  - This should create an SSH key pair. Make sure that `~/.ssh/google_compute_engine.pub` is in the list of allowed SSH keys for your VM in the Google console (Metadata → SSH Keys).
  - If, after you log in, your prompt does not show color, username and machine name, check whether the interpreter is `bash` with `echo $0`. If it is not, change it to `bash` with `sudo chsh -s /bin/bash $USER`.
Reference Information
Install the Trusted Platform Module tools on your Agent VM
- Download and install the Trusted Platform Module (TPM) tools, type:

  apt update
  apt install tpm2-tools
  apt install libnsl2
  apt install libatomic1
CipherTrust Manager Requirements
Create an Attestation Authority Connection
Provisioning Confidential Computing on agents requires one admin connection (connection with administrator privileges) and one non-admin connection (connection without administrator privileges). The admin connection is necessary to retrieve the policies from the Attestation Authority. CipherTrust Manager uses the connection details to communicate with Intel® Tiber™ Trust Services (ITTS) for agent attestation when a request is received from the agent.
To create the Attestation Authority connections:
- Log on to CipherTrust Manager.
- In the left nav-bar, click Access Management > Connections.
- Select + Add Connection.
- In the Select Connection Type, click More.
- From the Select Connection dropdown, select Attestation Authority and click Next.
- In the General Info section, enter the Name and Description for the connection and click Next.
- In Configure Connection, create an Admin User Connection by selecting from the following options. Choose the European or US URLs based on which URL is valid for your account:

  Field Name | Country | Value | Description
  ---|---|---|---
  URL for API method | US | https://api.trustauthority.intel.com | URL for connecting to the Attestation Authority.
  URL for API method | Europe | https://api.eu.trustauthority.intel.com | URL for connecting to the Attestation Authority.
  URL for API method | US: AMD | https://api.pilot.trustauthority.intel.com | Pilot for AMD
  Base URL | US | https://portal.trustauthority.intel.com | Base URL for connecting to the Attestation Authority.
  Base URL | Europe | https://portal.eu.trustauthority.intel.com | Base URL for connecting to the Attestation Authority.
  Base URL | US: AMD | https://portal.pilot.trustauthority.intel.com | Pilot for AMD
  API Key | | | Provide either the Admin API key, or the Attestation API key, created in ITTS to establish the connection with the Attestation Authority.
  Metadata | | | Provide meta information in JSON format.

- Select Admin User to create a connection with administrator privileges. Click Next.
- In the Add Products section, select the CTE checkbox.

  Note
  CTE-U users should also select CTE.
- Click Add Connection.
- Repeat these steps to create the Attestation connection. Do not select Admin User in step 8.

Note
In CipherTrust Manager, select Access Management > Connections, then click the ellipsis (...) to View, Edit, or Delete the connections.
Create a Global Client Profile
Create a Client Profile to associate with the Attestation Authority connection.
- In the CipherTrust Manager dashboard, click Access Management > Client Profiles > Add Client Profile.
- Enter Profile Name and Description.
- Select CA Type: Local or External.
- Select the respective Local or External CA in Select <CA Type> CA.
- Enter the Certificate Duration (in days) for which the CA certificate remains active.
- Expand the CONFIDENTIAL COMPUTING section and add the following details:

  Field Name | Value | Description
  ---|---|---
  Attestation Authority Identifier | Intel® Tiber™ Trust Services (ITTS) |
  Attestation Connection | Select a non-admin connection |
  Admin Connection | Select an admin connection | Note: Admin and non-admin type connections should belong to the same Attestation Authority.
  Policy Type | Appraisal policy | These policies are fetched from the Attestation Authority server. You can select appraisal policies.
  Policy Names | <policy_names> | Select one or more policies from the drop-down menu.
  Cloud Provider | Azure or Google Cloud |

- Click Add/Update Client Profile.
Create a Registration Token
Create a registration token on the CipherTrust Manager. You must have administrator privileges to create registration tokens.
- Log on to the CipherTrust Manager GUI as administrator.
- In the left pane, click Access Management > Registration Tokens.
- On the right, click Add Registration Token. The Create New Registration Token wizard displays.
- Click Begin to start token creation. The Configure Token screen displays.
- (Optional) Specify a Name Prefix for the client name. This prefix is used to construct names for clients whose names are not specified during registration with the CipherTrust Manager using this token.
  - If the name prefix is specified as `ks_client`, client names will be constructed as `ks_client#`; for example, `ks_client1`, `ks_client2`, `ks_client3`, and so on. However, if a client's name is specified during registration, this name prefix is not used for that client.
  - If the name prefix is not specified, the CipherTrust Manager will construct a random name for clients.
- Set the Token lifetime. You must include a time unit with it, such as:

  Token Lifetime | Span Value
  ---|---
  10 m | 10 minutes
  10 h | 10 hours
  10 d | 10 days
  unlimited | Never expires

- Specify Client Capacity. This is the maximum number of clients that can be registered using this registration token. The default capacity is `100` clients.
- Select Add Profile and add the client profile that you just created.
- Click Create Token. The Create Token screen displays the generated registration token in ASCII and Base64 encoding. CipherTrust Manager accepts the registration token in ASCII format only.
- Click Copy next to the token to save the copied token. Use this token when registering and migrating clients.
Install and Register CTE-U
Install CTE-U
- Log on to the host where you will install the CTE UserSpace Agent as `root`. You cannot install the CTE-U Agent without `root` access.
- Copy or mount the installation file to the host system.
- Install CTE UserSpace, type:

  apt install <cteu-version>.<build>.deb

  Example

  apt install ./cte-fuse_10.1.0.52.deb

Caution
CTE-U does not support custom paths for Ubuntu installation. You must use the default path.

Register CTE-U

- The install script installs the CTE-U Agent software, and any missing dependencies, in either `/opt/vormetric` or your custom installation directory (excluding Ubuntu), and then prompts you to register the CTE UserSpace Agent with a key manager by running `/opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host`.

  Welcome to the CipherTrust Transparent Encryption File System Agent Registration Program.

  Agent Type: CipherTrust Transparent Encryption File System Agent
  Agent Version: 10.5.0.54

  In order to register the CipherTrust Transparent Encryption File System Agent with a Key Manager
  1. you must know the host name of the machine running the DSM (the host name is displayed on the Dashboard window of the Management Console), and
  2. unless you intend to use the 'shared secret' registration method, the agent's host machine must be pre-configured on the DSM as a host with the 'Reg. Allowed' checkbox enabled for this agent type on the Hosts window of the Management Console.

  In order to register with a Key Manager you need a valid registration token from the CM.

  Do you want to continue with agent registration? (Y/N) [Y]:

- Enter Y to continue with the registration process. The install script prompts you to enter the host name or IP address of the CipherTrust Manager with which you want to register CTE-U. For example:

  Do you want to continue with agent registration? (Y/N) [Y]: Y
  Please enter the primary key manager host name: 10.3.200.141:8445
  You entered the host name 10.3.200.141
  Is this host name correct? (Y/N) [Y]: Y

- Enter the client host name when prompted.

  Please enter the host name of this machine, or select from the following list.
  [1] sys31186.qa.com
  [2] 10.3.31.186
  Enter a number, or type a different host name or IP address in manually:
  What is the name of this machine? [1]: 2
  You selected "10.3.31.186".

- Enter the CipherTrust Manager registration token, profile name, host group and host description. If you omit the profile name, CipherTrust Manager associates the default client profile with this client.

  Please enter the registration token: 12345
  Please enter the profile name for this host: My-Profile
  Please enter the host group name for this host, if any:
  Please enter a description for this host: West Coast Datacenter server 5
  Token : 12345
  Profile name : My-Profile
  Host Group : (none)
  Host description : West Coast Datacenter server 5
  Are the above values correct? (Y/N) [Y]: Y

- CTE-U finishes the installation and registration process.

  Generating key pair for the kernel component...done.
  Extracting SECFS key
  Generating EC certificate signing request for the vmd...done.
  Signing certificate...done.
  Enrolling agent with service on 10.3.200.141...done.
  Successfully registered the CipherTrust Transparent Encryption File System Agent with the
  CipherTrust Manager on 10.3.200.141.
  Installation success.
Reference Information
Validate Confidential Computing on the CTE-U Agent for Attestation
- Verify that your agent is capable of confidential computing, type:

  sudo /opt/vormetric/DataSecurityExpert/agent/vmd/bin/vmutil -a vmd cc_check

  Result if validation succeeds

  This system is capable of confidential computing.

  Result if validation fails

  This system is not capable of confidential computing

  In the UI, CipherTrust Manager displays the term warning in the status column and displays a banner message indicating that the Agent failed attestation.
- If using a policy with an MRTD value, validate that the MRTD value in the policy and on the Agent are the same, type:

  sudo tpm2_nvread --offset=560 --size=48 -C o 0x01400001 | xxd -p | tr -d '\n' | awk '{print}'

  It should be the same value as the MRTD value in this file:

  cat /opt/vormetric/DataSecurityExpert/agent/vmd/etc/attestation.txt
Note
Attestations fail when the TCB status becomes out-of-date. Following is an example from the attestation report:
"attester_tcb_status": "OutOfDate"
Attestations will continue to fail until Azure rolls out a new paravisor with the updated TCB on the VM (This would also mean new measurements, such as the MRTD values, that you will need to update in the attestation policy).
To temporarily workaround this out-of-date TCB issue, remove the following line from the attestation policy:
input.attester_tcb_status = "UpToDate"
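The following is an added example, not Thales or Intel code, that ties together the MRTD check above and the appraisal policy from the Intel Portal section: it slices MRTD and MRSEAM from the bytes that `tpm2_nvread` returns for NV index 0x01400001 (offsets 560 and 312, 48 bytes each, as on this page), compares the MRTD with `attestation.txt`, and applies the policy conditions (`tdx_is_debuggable == false`, pinned MRTD, and `attester_tcb_status == "UpToDate"` unless the out-of-date TCB workaround is in effect). It assumes `attestation.txt` contains the MRTD as a hex string and that the report JSON carries an MRTD claim named `tdx_mrtd`; neither is stated on the page.

```python
# Added example, not Thales or Intel code. It mirrors the page's validation steps:
# MRTD and MRSEAM are sliced from the NV index 0x01400001 contents at offsets 560
# and 312 (48 bytes each, as on this page), the MRTD is compared with attestation.txt,
# and the appraisal policy is applied to a report. Assumed: attestation.txt holds the
# MRTD as a hex string, and the report carries the claim name tdx_mrtd (not on the page).
import json
import re

MRTD_OFFSET, MRSEAM_OFFSET, MEAS_LEN = 560, 312, 48


def extract_measurements(nv_blob):
    """Slice MRTD and MRSEAM out of the raw NV index bytes that tpm2_nvread returns."""
    if len(nv_blob) < MRTD_OFFSET + MEAS_LEN:
        raise ValueError("NV blob too short to hold a TD report")
    return {"mrtd": nv_blob[MRTD_OFFSET:MRTD_OFFSET + MEAS_LEN].hex(),
            "mrseam": nv_blob[MRSEAM_OFFSET:MRSEAM_OFFSET + MEAS_LEN].hex()}


def mrtd_from_attestation_file(text):
    """Return the first 48-byte hex value found in attestation.txt (file format assumed)."""
    m = re.search(r"\b[0-9a-fA-F]{96}\b", text)
    return m.group(0).lower() if m else None


def appraise(claims, expected_mrtd, require_up_to_date=True):
    """Python mirror of the page's appraisal policy: not debuggable, MRTD pinned and,
    unless the out-of-date TCB workaround is applied, attester_tcb_status == UpToDate."""
    reasons = []
    if claims.get("tdx_is_debuggable") is not False:
        reasons.append("tdx_is_debuggable is not false")
    if claims.get("tdx_mrtd", "").lower() != expected_mrtd.lower():
        reasons.append("MRTD does not match policy")
    if require_up_to_date and claims.get("attester_tcb_status") != "UpToDate":
        reasons.append(f"attester_tcb_status is {claims.get('attester_tcb_status')!r}")
    return {"matches": not reasons, "reasons": reasons}


def run_checks(nv_blob, attestation_txt, report_json):
    """Run all checks; report both the strict verdict and the TCB-workaround verdict."""
    meas = extract_measurements(nv_blob)
    claims = json.loads(report_json)
    return {"mrtd_matches_file": meas["mrtd"] == mrtd_from_attestation_file(attestation_txt),
            "strict": appraise(claims, meas["mrtd"]),
            "tcb_workaround": appraise(claims, meas["mrtd"], require_up_to_date=False)}


# Constructed sample data, not from a real TD: a 1024-byte blob with marker bytes, an
# attestation.txt line, and a report whose TCB is out of date (as in the page's note).
SAMPLE_BLOB = bytearray(1024)
SAMPLE_BLOB[MRTD_OFFSET:MRTD_OFFSET + MEAS_LEN] = b"\xa5" * MEAS_LEN
SAMPLE_BLOB[MRSEAM_OFFSET:MRSEAM_OFFSET + MEAS_LEN] = b"\x5a" * MEAS_LEN
SAMPLE_ATTESTATION_TXT = "MRTD: " + "a5" * MEAS_LEN + "\n"
SAMPLE_REPORT = json.dumps({"tdx_is_debuggable": False, "tdx_mrtd": "a5" * MEAS_LEN,
                            "attester_tcb_status": "OutOfDate"})

if __name__ == "__main__":
    print(json.dumps(run_checks(bytes(SAMPLE_BLOB), SAMPLE_ATTESTATION_TXT, SAMPLE_REPORT), indent=2))
```

On a real agent, feed the output of `sudo tpm2_nvread -C o 0x01400001` (without `--offset`/`--size`) to `extract_measurements` and the attestation report JSON to `appraise`; the sample shows the strict verdict failing only on the out-of-date TCB, which is exactly the case the note above describes.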
Confidential Computing Policies
There are no special CTE-U policies for Confidential Computing. Create standard policies as usual.
Confidential Computing GuardPoints
There are no special GuardPoints for Confidential Computing. Create GuardPoints as usual.