IBM, Google, Microsoft and Intel have formed an alliance to develop open data protection technologies

The Linux Foundation has announced the creation of the Confidential Computing Consortium, an organization focused on developing open technologies and standards related to secure in-memory processing and confidential computing. The joint project has already been joined by companies such as Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent and Microsoft, which intend to work together on a neutral platform to create technologies for isolating data in memory during computation.

The ultimate goal is to provide a way to support the full cycle of processing data in encrypted form, without exposing the data in the clear at any individual stage. The consortium's area of interest mainly covers technologies for using encrypted data in computational processes, namely the use of isolated enclaves, protocols for multiparty computation, manipulation of encrypted data in memory, and complete isolation of data in memory (for example, preventing the host system administrator from accessing data in the memory of guest systems).

The following projects have been submitted for independent development as part of the Confidential Computing Consortium:

  • Intel has submitted for further development the previously opened components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with tools and libraries. SGX proposes using special processor instructions to allocate private memory regions for user applications, whose contents are encrypted and cannot be read or modified even by the kernel and by code running in ring0, SMM and VMM modes;

  • Microsoft has contributed the Open Enclave framework, which allows creating applications for various TEE (Trusted Execution Environment) architectures using a single API and an abstract enclave representation. An application built with Open Enclave can run on systems with different enclave implementations. Among TEEs, only Intel SGX is currently supported. Code to support ARM TrustZone is under development. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encrypted Virtualization) has not been announced;

  • Red Hat has contributed the Enarx project, which provides an abstraction layer for creating universal applications that run on systems supporting various TEE environments, independent of the underlying hardware and allowing the use of various programming languages (a WebAssembly-based runtime is used). The project currently supports the AMD SEV and Intel SGX technologies.

Among similar projects reviewed earlier, we can note the Asylo framework, which was created by Google engineers but is not an officially supported Google product. The framework makes it easy to adapt applications so that the parts of their functionality that require additional protection are moved into a protected enclave. Among hardware isolation mechanisms, Asylo supports only Intel SGX, but a software mechanism for creating enclaves based on virtualization is also available.

Recall that an enclave (TEE, Trusted Execution Environment) involves the processor providing a special isolated region, which allows part of the functionality of an application and of the operating system to be moved into a separate environment whose memory contents and executable code are inaccessible from the main system, regardless of the privilege level. Implementations of various encryption algorithms, functions for handling private keys and passwords, authentication procedures, and code for working with confidential data can be moved into the enclave for execution.

If the main system is compromised, an attacker will not be able to determine the data stored in the enclave and will be limited to the external software interface only. The use of hardware enclaves can be considered an alternative to methods based on homomorphic encryption or confidential computation protocols, but unlike those technologies, the enclave has practically no effect on the performance of computations over confidential data and significantly simplifies development.

Source: opennet.ru
