Linux Foundation Organization akan kafa kungiyar hadin gwiwa , da nufin haɓaka buɗaɗɗen fasahohi da ƙa'idodi masu alaƙa da amintaccen sarrafa ƙwaƙwalwar ajiya da ƙididdigar sirri. Tuni kamfanoni irin su Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent da kuma Microsoft suka shiga aikin haɗin gwiwa, waɗanda ke da niyyar yin aiki tare a kan wani dandali na tsaka tsaki don haɓaka fasahohin keɓe bayanai a cikin ƙwaƙwalwar ajiya yayin aikin sarrafa kwamfuta.
Maƙasudin ƙarshe shine samar da hanyoyin tallafawa cikakken tsarin sarrafa bayanai a cikin rufaffen tsari, ba tare da samun bayanai cikin buɗaɗɗen tsari a kowane mataki ba. Bangaren sha'awar haɗin gwiwar da farko ya haɗa da fasahar da ke da alaƙa da yin amfani da ɓoyayyen bayanai a cikin tsarin kwamfuta, wato, amfani da keɓantaccen ɓoye, ka'idoji don , Yin amfani da bayanan da aka ɓoye a cikin ƙwaƙwalwar ajiya da kuma cikakken keɓewar bayanai a cikin ƙwaƙwalwar ajiya (misali, don hana mai kula da tsarin mai watsa shiri daga samun damar bayanai a cikin ƙwaƙwalwar ajiyar tsarin baƙi).
An canja waɗannan ayyuka masu zuwa don ci gaba mai zaman kansa a matsayin wani ɓangare na Ƙungiyoyin Ƙididdigar Sirri:
- An mika Intel don ci gaba da haɓaka haɗin gwiwa
sassa don amfani da fasaha (Extensions Guard Software) akan Linux, gami da SDK tare da saitin kayan aiki da ɗakunan karatu. SGX ya ba da shawarar yin amfani da saitin umarnin sarrafawa na musamman don keɓance wuraren ƙwaƙwalwar ajiya masu zaman kansu zuwa aikace-aikacen matakin mai amfani, abubuwan da ke cikin su an ɓoye su kuma ba za a iya karantawa ko gyara su ba har ma da kernel da lambar da ke gudana a cikin yanayin ring0, SMM da VMM; - Microsoft ya mika tsarin , ba ka damar ƙirƙirar aikace-aikace na daban-daban TEE (Trusted Execution Environment) gine-gine ta yin amfani da API guda ɗaya da wakilcin ɓoye. Aikace-aikacen da aka shirya ta amfani da Buɗaɗɗen Enclav na iya aiki akan tsarin tare da aiwatarwa daban-daban. Daga cikin TEEs, Intel SGX kawai ake tallafawa a halin yanzu. Lambar don tallafawa ARM TrustZone yana kan haɓakawa. Game da tallafi , AMD PSP (Platform Security Processor) da AMD SEV (Secure Encryption Virtualization) ba a ruwaito ba.
- Jar hula ta mika aikin , wanda ke ba da wani yanki na abstraction don ƙirƙirar aikace-aikacen duniya don gudana a cikin ƙayyadaddun da ke goyan bayan mahallin TEE daban-daban, masu zaman kansu daga gine-ginen kayan aiki da ba da damar yin amfani da harsunan shirye-shirye daban-daban (ana amfani da lokacin aiki na tushen yanar gizo). A halin yanzu aikin yana goyan bayan fasahar AMD SEV da Intel SGX.
Daga cikin ayyukan da ba a kula da su ba, za mu iya lura da tsarin , wanda injiniyoyin Google suka inganta, amma samfurin Google da ke da goyan baya a hukumance. Tsarin yana ba ku damar daidaita aikace-aikace cikin sauƙi don matsar da wasu ayyukan da ke buƙatar ƙarin kariya zuwa gefen shinge mai kariya. Daga cikin hanyoyin keɓance kayan masarufi a cikin Asylo, Intel SGX kawai ake samun goyan baya, amma ana samun tsarin software don ƙirƙirar ƙaƙƙarfan ƙaƙƙarfan amfani da ƙima.
Ka tuna cewa an rufe (, Amintaccen Kisa Muhalli) ya ƙunshi tanadi ta hanyar mai sarrafa keɓaɓɓen yanki na musamman, wanda ke ba ku damar matsar da wani ɓangare na ayyukan aikace-aikacen da tsarin aiki zuwa wani yanayi daban, abubuwan ƙwaƙwalwar ajiya da lambar aiwatarwa waɗanda ba za a iya samun su ba daga babba. tsarin, ba tare da la'akari da matakin gata da ke akwai ba. Don aiwatar da su, aiwatar da algorithms na ɓoye daban-daban, ayyuka don sarrafa maɓallai da kalmomin shiga masu zaman kansu, hanyoyin tantancewa, da lambar don aiki tare da bayanan sirri za a iya matsar da su zuwa ga ɓoye.
Idan babban tsarin ya lalace, maharin ba zai iya tantance bayanan da aka adana a cikin mahallin ba kuma za'a iyakance shi ga mahaɗan software na waje kawai. Ana iya ɗaukar amfani da ƙaƙƙarfan kayan aikin a matsayin madadin amfani da hanyoyin bisa boye-boye ko , amma ba kamar waɗannan fasahohin ba, ƙaddamarwa ba ta da wani tasiri a kan ayyukan ƙididdiga tare da bayanan sirri kuma yana sauƙaƙe ci gaba.
source: budenet.ru