IBM, Google, Microsoft and Intel formed an alliance to develop open data protection technologies

The Linux Foundation announced the establishment of the Confidential Computing Consortium, which aims to develop open technologies and standards related to secure in-memory processing and confidential computing. Companies such as Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent and Microsoft have already joined the joint project; they intend to work together on a neutral platform to develop technologies for isolating data in memory during computation.

The main goal is to provide means of supporting the full data processing cycle in encrypted form, without the information appearing in the clear at any individual stage. The consortium's areas of interest include technologies for using encrypted data in the computing process, namely the use of isolated enclaves, protocols for multiparty computing, manipulation of encrypted data in memory, and complete isolation of data in memory (for example, to prevent the administrator of the host system from accessing data in the memory of guest systems).

The following projects have been transferred for independent development as part of the Confidential Computing Consortium:

  • Intel handed over, for continued joint development, previously opened components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with a set of tools and libraries. SGX proposes using a set of special processor instructions to allocate private memory regions to user-level applications, the contents of which are encrypted and cannot be read or modified even by the kernel and code running in ring0, SMM and VMM modes;

  • Microsoft handed over the Open Enclave framework, which lets you build applications for various TEE (Trusted Execution Environment) architectures using a single API and an abstract enclave representation. An application prepared with Open Enclave can run on systems with different enclave implementations. Of the TEEs, only Intel SGX is currently supported. Code to support ARM TrustZone is in development. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encryption Virtualization) is not reported.

  • Red Hat handed over the Enarx project, which provides an abstraction layer for building universal applications that run in enclaves supporting various TEE environments, independent of hardware architecture and allowing the use of different programming languages (a WebAssembly-based runtime is used). The project currently supports AMD SEV and Intel SGX technologies.

Among the projects that were overlooked, we can note the Asylo framework, which is developed mainly by Google engineers but is not an officially supported Google product. The framework lets you easily adapt applications to move some of the functionality that requires stronger protection into a protected enclave. Of the hardware isolation mechanisms in Asylo, only Intel SGX is supported, but a software mechanism for creating enclaves based on virtualization is also available.

Recall that an enclave (TEE, Trusted Execution Environment) means the processor provides a special isolated area that lets you move part of the functionality of applications and the operating system into a separate environment, whose memory contents and executable code are inaccessible from the main system, regardless of the level of privileges available. Implementations of various encryption algorithms, functions for processing private keys and passwords, authentication procedures, and code for working with confidential data can be moved into the enclave for execution.

If the main system is compromised, the attacker will not be able to determine the information stored in the enclave and will be limited to the external software interface. Hardware enclaves can be seen as an alternative to methods based on homomorphic encryption or confidential computing protocols, but unlike those technologies, an enclave does not affect the performance of computations on confidential data and makes development simpler.

Source: opennet.ru
