Linux Foundation pa kukhazikitsidwa kwa consortium , yomwe cholinga chake ndi kupanga matekinoloje otseguka ndi miyezo yokhudzana ndi kusungidwa kwa kukumbukira kukumbukira ndi makompyuta achinsinsi. Ntchitoyi idalumikizidwa kale ndi makampani monga Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent ndi Microsoft, omwe akufuna kugwirira ntchito limodzi papulatifomu yopanda ndale kuti apange matekinoloje olekanitsa deta pamakumbukidwe pakompyuta.
Cholinga chachikulu ndikupereka njira zothandizira kukonzanso kwa deta mumtundu wa encrypted, popanda kupeza zambiri m'mawonekedwe otseguka pazigawo zosiyanasiyana. Dera lachidwi la consortium limaphatikizapo matekinoloje okhudzana ndi kugwiritsa ntchito deta yobisika pamakompyuta, mwachitsanzo, kugwiritsa ntchito ma enclaves akutali, ma protocol a , kusokoneza deta yosungidwa m'makumbukiro ndi kudzipatula kwathunthu kwa deta mu kukumbukira (mwachitsanzo, kuteteza woyang'anira dongosolo kuti asapeze deta pokumbukira machitidwe a alendo).
Ntchito zotsatirazi zasamutsidwa kuti zizitukuka ngati gawo la Confidential Computing Consortium:
- Intel idaperekedwa kuti apitilize chitukuko cholumikizana
zida zogwiritsira ntchito teknoloji (Software Guard Extensions) pa Linux, kuphatikiza SDK yokhala ndi zida ndi malaibulale. SGX ikufuna kugwiritsa ntchito malangizo apadera a purosesa kuti agawire madera achinsinsi pakugwiritsa ntchito kwa ogwiritsa ntchito, zomwe zili mkati mwake ndizobisika ndipo sizingawerengedwe kapena kusinthidwa ngakhale ndi kernel ndi code yomwe ikuyenda mumitundu ya ring0, SMM ndi VMM; - Microsoft idapereka chimango , kukulolani kuti mupange mapulogalamu amitundu yosiyanasiyana ya TEE (Trusted Execution Environment) pogwiritsa ntchito API imodzi ndi kuyimira kwachinsinsi. Pulogalamu yokonzedwa pogwiritsa ntchito Open Enclav imatha kugwira ntchito pamakina omwe ali ndi ma enclave osiyanasiyana. Mwa ma TEE, Intel SGX yokha ndiyomwe imathandizidwa. Khodi yothandizira ARM TrustZone ikukula. Za thandizo , AMD PSP (Platform Security processor) ndi AMD SEV (Secure Encryption Virtualization) sizinafotokozedwe.
- Red Hat adapereka ntchitoyi , yomwe imapereka chiwongolero chopanga mapulogalamu apadziko lonse lapansi kuti azigwira ntchito m'mabwalo omwe amathandizira madera osiyanasiyana a TEE, osadalira kamangidwe ka ma hardware komanso kulola kugwiritsa ntchito zilankhulo zosiyanasiyana zamapulogalamu (WebAssembly-based runtime imagwiritsidwa ntchito). Ntchitoyi pakadali pano imathandizira ukadaulo wa AMD SEV ndi Intel SGX.
Pakati pa mapulojekiti ofanana omwe ananyalanyazidwa, tikhoza kuona dongosolo , yomwe imapangidwa makamaka ndi akatswiri a Google, koma chinthu chothandizidwa ndi Google. Chimangocho chimakulolani kuti musinthe mosavuta mapulogalamu kuti musunthire zina mwazochita zomwe zimafuna chitetezo chowonjezereka kumbali ya enclave yotetezedwa. Mwa njira zodzipatula za Hardware ku Asylo, Intel SGX yokha ndiyomwe imathandizidwa, koma njira yamapulogalamu yopangira ma enclaves potengera kugwiritsa ntchito virtualization imapezekanso.
Kumbukirani kuti gulu (, Trusted Execution Environment) imaphatikizapo kuperekedwa ndi purosesa ya malo apadera akutali, omwe amakulolani kuti musunthe gawo la magwiridwe antchito ndi makina ogwiritsira ntchito kumalo osiyana, zomwe zili mkati mwa kukumbukira ndi code executable yomwe simungapezeke kuchokera kumagulu akuluakulu. dongosolo, mosasamala kanthu za mwayi womwe ulipo. Kuti aphedwe, kukhazikitsidwa kwa ma aligorivimu osiyanasiyana obisa, ntchito zosinthira makiyi achinsinsi ndi mawu achinsinsi, njira zotsimikizira, ndi ma code ogwirira ntchito ndi zinsinsi zitha kutumizidwa ku enclave.
Ngati dongosolo lalikulu likuphwanyidwa, wowukirayo sangathe kudziwa zomwe zasungidwa mu enclave ndipo zidzangokhala ndi mawonekedwe akunja a mapulogalamu. Kugwiritsiridwa ntchito kwa hardware enclaves kungaganizidwe ngati njira ina yogwiritsira ntchito njira zochokera encryption kapena , koma mosiyana ndi matekinolojewa, enclave ilibe mphamvu pakuchita kuwerengera ndi deta yachinsinsi ndipo imapangitsa kuti chitukuko chikhale chosavuta.
Source: opennet.ru