Sakul Gupta is a Sr. Principal Security Firmware Member of Technical Staff at Micron Technology Inc., leading Secure Enclave firmware development on CXL DDR memory controllers and contributing to SSD security. He provides thought leadership on behalf of Micron in forums such as the various memory and storage working groups, the OCP Security Working Group, DMTF's SPDM and RAS working groups, the CHIPS Alliance Caliptra working group, and the JEDEC working groups in which he participates. He has worked in the industry for 24+ years on CXL and DRAM security, Safety Integrity Level 4 products, and touch and biometric sensors for Apple and Samsung, at companies including Micron, Honeywell, Synaptics and Apple.
Confidential Compute (CC) completes the trifecta of data and code protection by protecting them while in use, via Trusted Execution Environments (TEEs). It ensures the 'CIA' properties of Confidentiality, Integrity and Authenticity during data processing, enabling secure and privacy-preserving computing. The key enablers of CC are Secure Boot, attestation (DMTF SPDM) and memory encryption.

The data center industry's goal is to make CC ubiquitous: to minimize the performance hit and friction, and to enable wider, seamless and reliable FW/SW updates and adoption. CC, using hardware-based, attested TEEs, protects sensitive data and code against threats during execution. It allows the protection of data in use even against an adversarial platform owner. This is achieved through hardware-based isolation (e.g., Intel SGX, AMD SEV, CXL TE bits, Arm CCA Realms) and attestation to verify the integrity of the TEE before use. Orchestration of CC over the memory fabric is also covered. CXL TSP defines mechanisms to include CXL memory devices within the TEE; CXL tracks cache coherence at the cache-line level (64 bytes).

The talk will go into the security requirements and behaviors used to support CC use cases, and will cover the architecture and design of CC.