Intel has announced the general availability of its first Trust Authority attestation services. The services are the result of the company’s Project Amber initiative announced last year, and they are designed to support confidential computing deployments.
Attestation services are a means to confirm the trustworthiness of the operating system and application software. Intel Trust Authority does so in confidential computing environments by assessing secure enclave integrity and enforcing security policies. It works in multiple cloud, hybrid, on-premises, and edge networks, Intel claimed in a blog post.
What is confidential computing?
Confidential computing is the process of isolating sensitive data payloads with hardware-based memory protections. This is typically done through hardware-based trusted execution environments (TEEs) that, with operating system support, help secure data in use. Intel’s Software Guard Extensions (SGX) available on the Intel Xeon Scalable platform is one example of a TEE. SGX is a secure area of Intel Xeon processors that allows for the allocation of private memory regions, called secure enclaves, to help prevent processes from running at higher privilege levels. The goal is to isolate data and code to prevent unauthorized access.
TEE-enabled operating systems include Apple’s iOS Secure Enclave, Google Trusty, Trustonic Kinibi, and Qualcomm QTEE. Most processor manufacturers have their own TEE implementations, including AMD’s Platform Security Processor (PSP), ARM TrustZone, and IBM Secure Service Container.
What Intel Trust Authority offers today
With the initial launch, Intel Trust Authority provides attestation services for trusted execution environments that its own SGX and Intel Trust Domain Extensions (TDX) enable. However, “Our vision is that [Trust Authority] will ultimately contribute to the integrity of the entire digital ecosystem,” Anil Rao, Intel’s VP and general manager of systems architecture and engineering, said in a blog post. “With Intel Trust Authority, organizations can implement the NIST recommendations for a zero-trust architecture across a variety of deployments: from on-premises to hybrid and multiple clouds to the edge–all without incurring the cost and complexity of building their own attestation service. This SaaS redefines trust by providing objective, third-party verification of the authenticity and integrity of confidential computing environments and workloads.”
The company chose attestation as the first Trust Authority service because of customer demand, Rao said in a press briefing. Intel’s customers wanted the protections that attestation provides “in an operator-independent and auditable manner to support their zero-trust strategies,” he said, citing the need for compliance with global regulations as one driving factor.