virtCCA: Virtualized Arm Confidential Compute Architecture with TrustZone
ARM introduces the Confidential Compute Architecture (CCA) in the forthcoming ARMv9-A architecture recently. CCA enables the support of confidential virtual machines (cVMs) within a separated world (known as the Realm world), protected from the untrusted normal world. While CCA points to a convincing future of confidential computing, it is foreseen that the CCA hardware will not be available soon according to ARM's roadmap. Upon this request, we present virtCCA, an architecture that facilitates virtualized CCA using TrustZone, a mature hardware feature on existing ARM platforms. Specifically, we use the Secure EL2 (S-EL2) extension introduced since ARMv8.4 to support the memory isolation among the cVMs. We introduce direct shadow memory mapping – an efficient memory protection scheme – to overcome the limitations of existing hardware. virtCCA is compatible with the CCA specifications at the API level, and we build the entire CCA software and firmware stack atop virtCCA, including the TrustZone Management Monitor (TMM) for enforcing isolation among cVMs and supporting cVM life cycle management, as well as the enhancement of the normal world KVM for support of cVMs. We implemented virtCCA on both QEMU and ARM Fixed Virtual Platform (FVP). The evaluation on micro-benchmarks and macro-benchmarks shows that the overhead of running cVMs is acceptable, compared with the counterpart of running normal world VMs. On a set of real-world workloads the overhead is less than 8 for I/O intensive workloads.
READ FULL TEXT