The Linux Foundation
The main goal is to provide mechanisms that support the full data-processing cycle in encrypted form, without exposing the data in the clear at any individual stage. The consortium's area of interest primarily covers technologies for working with encrypted data during computation, namely the use of isolated enclaves, protocols
The following projects have been handed over for independent development as part of the Confidential Computing Consortium:
- Intel has contributed to joint development the previously open-sourced components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with a set of tools and libraries. SGX proposes using a set of special processor instructions to allocate private memory regions to user-level applications; the contents of these regions are encrypted and cannot be read or modified even by the kernel or by code running in ring 0, SMM and VMM modes.
- Microsoft has provided the Open Enclave framework, which allows applications to be built for different TEE (Trusted Execution Environment) architectures using a single API and an abstract enclave representation. An application prepared with Open Enclave can run on systems with different enclave implementations. Of the TEEs, only Intel SGX is currently supported. Code to support ARM TrustZone is under development. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encrypted Virtualization) has not been announced.
- Red Hat has provided the Enarx project, which offers an abstraction layer for creating universal applications that run in enclaves supporting various TEE environments, independent of the hardware architecture and allowing different programming languages to be used (via a WebAssembly-based runtime). The project currently supports AMD SEV and Intel SGX.
Among similar projects worth noting is the framework
Recall that an enclave (
If the host system is compromised, an attacker cannot determine the information stored in the enclave and is limited to the enclave's external software interface alone. The use of hardware enclaves can be regarded as an alternative to methods based on
Source: opennet.ru