Devlore: Extending Arm CCA to Integrated Devices A Journey Beyond Memory to Interrupt Isolation

Andrin Bertschi,Supraja Sridhara,Friederike Groschupp,Mark Kuhne,Benedict Schlüter,Clément Thorens,Nicolas Dutly,Srdjan Capkun,Shweta Shinde
2024-08-12
Abstract:Arm Confidential Computing Architecture (CCA) executes sensitive computation in an abstraction called realm VMs and protects it from the hypervisor, host OS, and other co-resident VMs. However, CCA does not allow integrated devices on the platform to access realm VMs and doing so requires intrusive changes to software and is simply not possible to achieve securely for some devices. In this paper, we present Devlore which allows realm VMs to directly access integrated peripherals. Devlore memory isolation re-purposes CCA hardware primitives (granule protection and stage-two page tables), while our interrupt isolation adapts a delegate-but-check strategy. Our choice of offloading interrupt management to the hypervisor but adding correctness checks in the trusted software allows Devlore to preserve compatibility and performance. We evaluate Devlore on Arm FVP to demonstrate 5 diverse peripherals attached to realm VMs.
Cryptography and Security
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is: **How to enable the virtual machines (realm VMs) in Arm Confidential Computing Architecture (CCA) to directly access integrated devices while maintaining the security, performance, and functionality of CCA**. ### Specific background of the problem 1. **Limitations of Arm CCA**: - Arm CCA isolates sensitive computing by introducing two new worlds (realm and root) to protect it from the hypervisor, the host operating system, and other co - existing virtual machines. - However, CCA does not allow integrated devices to directly access realm VMs, which limits the functionality and flexibility of the devices. For example, in consumer electronics devices and cloud environments, applications usually need to use integrated devices (such as displays, sensors, integrated GPUs) to perform sensitive tasks (such as on - device inference or authentication). 2. **Deficiencies of existing solutions**: - One method is to create shared encrypted memory, but this requires modification of the device driver and is not ideal due to high performance overhead. - Another method is to manage device access through the hypervisor, but this will undermine the security guarantees of CCA. ### The solution proposed in the paper To overcome the above problems, the paper proposes **DEVLORE**, a CCA - based design that allows realm VMs to directly access integrated devices while ensuring that the confidentiality and integrity of VMs are not compromised. #### Main contributions 1. **Integrated device access**: - DEVLORE is the first work that allows Arm CCA - based VMs to directly access integrated devices while maintaining the security, performance, and functionality of CCA. 2. **Memory and interrupt isolation**: - Two Granule Protection Table (GPT) memory isolation methods are proposed, as well as a delegated - but - checked interrupt isolation strategy. Specifically: - **Memory isolation**: Use two GPTs to ensure that only authorized devices can access the VM's memory. - **Interrupt isolation**: Delegate interrupt management to the hypervisor, but check the hypervisor's behavior through trusted software to prevent malicious interrupt injection. 3. **Diverse device support**: - DEVLORE supports multiple types of devices to be connected to realm VMs without any modification to applications or device drivers. ### Conclusion Through these improvements, DEVLORE not only solves the problem of integrated device access but also ensures the security and performance of CCA, providing a solid foundation for future research and practical applications.