# Supporting Confidential Computing on Arm with Open Source > [! note]- > The content of this page is generated by audio/video transcription and text transformation from the content and links of this source. Source: [https://fosdem.org/2025/schedule/event/fosdem-2025-5761-supporting-confidential-computing-on-arm-with-open-source-software/](https://fosdem.org/2025/schedule/event/fosdem-2025-5761-supporting-confidential-computing-on-arm-with-open-source-software/) <video src="https://video.fosdem.org/2025/k4401/fosdem-2025-5761-supporting-confidential-computing-on-arm-with-open-source-software.av1.webm" controls></video> ## Summary & Highlights: **Overview of Confidential Computing on Arm** This session explores the use of open source software to support confidential computing on Arm platforms. The focus is on a reference implementation stack that integrates various components like firmware, operating system, and virtual machine monitor, demonstrating how these elements work together to ensure security and confidentiality. **Key Components and Tools** The session highlights the use of QEMU's SBSA platform for virtual environments and discusses the role of the verifier running in the cloud to attest security claims. Tools such as the CCA workload attestation and realm measurement tool are crucial for measuring and validating the security of virtual machines. **Application and Integration** The presentation covers the integration of these components into a cohesive system, emphasizing the open source nature of the tools and the absence of proprietary elements. The potential for these technologies to be adapted for broader use in cloud environments and their compatibility with other architectures is also discussed. **Future Developments and Challenges** Looking forward, the session outlines ongoing work in areas such as memory encryption, container integration, and device assignment. These developments aim to enhance the security and functionality of confidential computing on Arm, with a focus on creating non-Arm specific solutions. ## Importance for an eco-social transformation The session's focus on open source software for confidential computing is significant for eco-social transformation as it promotes transparency and community engagement. By using open source tools, eco-social designers can develop secure, sustainable systems that respect user privacy and data integrity. The challenge lies in integrating these solutions into existing infrastructures and overcoming technical and political hurdles related to security and data protection. ## Slides: | | | | --- | --- | | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_001.jpg\|300]] | The first slide introduces the session's theme of supporting confidential computing on Arm using open source software, highlighting the speed and efficiency of Arm solutions. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_002.jpg\|300]] | This slide outlines the collaborative effort between Linaro, Arm, and the Linaro Data Center Group to support confidential computing on Arm platforms, with links to projects and demonstration software provided. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_003.jpg\|300]] | The third slide continues to discuss the collaborative nature of the project and the role of different partners in achieving the session's goals for confidential computing. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_004.jpg\|300]] | This slide describes the CCA-aware reference software stack, including components like QEMU, Trusted Firmware, and various virtual machines, emphasizing the open source nature of the stack. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_005.jpg\|300]] | The slide explains the verifier built with Project Veraison, which can run locally or in the cloud, and is pre-populated with an attestation token matching the Trusted Firmware-A. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_006.jpg\|300]] | This slide covers the key broker demonstration, part of Project Veraison, showing its role in an end-to-end confidential computing scenario with options for local or cloud-based verification. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_007.jpg\|300]] | The slide lists noteworthy tools such as the CCA workload attestation and realm measurement tool, which are part of Project Veraison and help compute secure VM measurements. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_008.jpg\|300]] | This slide presents an overview of the CCA end-to-end scenario, emphasizing the open source nature of the components and the absence of proprietary binaries. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_009.jpg\|300]] | The slide outlines the steps to integrate the components, including starting a Realm VM, starting the key broker service, and requesting a secret payload. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_010.jpg\|300]] | This slide focuses on acquiring, building, and running the CCA reference stack, with instructions for extracting the CCA attestation token. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_011.jpg\|300]] | The slide details the process of acquiring and building the key broker server, and starting the service with the Realm's RIM. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_012.jpg\|300]] | This slide describes the process of requesting a secret payload from the key broker within the Realm VM. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_013.jpg\|300]] | The slide explains the sequence of actions in the confidential computing scenario, from retrieving the CCA attestation token to decrypting the payload. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_014.jpg\|300]] | This slide provides links to resources and projects related to the session, including the CCA-aware reference stack and Project Veraison. | ![[FOSDEM 2025/assets/Supporting-Confidential-Computing-on-Arm-with-Open/preview_015.jpg\|300]] | The final slide opens the floor for questions, acknowledging the complexity of the information presented in a short time. ## Links [FOSDEM 2025 Presentation Slides](https://fosdem.org/2025/events/attachments/fosdem-2025-5761-supporting-confidential-computing-on-arm-with-open-source-software/slides/237899/FOSDEM25_GgpcRtM.pdf) [Project Veraison](https://github.com/veraison) [Remote Attestation Procedures (RATS) Architecture](https://www.ietf.org/rfc/rfc9334.html) [Key Broker Demonstration](https://github.com/veraison/keybroker-demo) [CCA workload attestation PoC](https://tinyurl.com/25oba4cq) [CCA realm measurement tool](https://github.com/veraison/cca-realm-measurements)