CoCo-as: First Confidential Computing Attestation Solution of CNCF - Jia Le Zhang, Alibaba Cloud & Dave Chen, Arm Limited
You've probably heard about Confidential Containers (CoCo), a new star in the CNCF ecosystem that aims to enable cloud native confidential computing by using Trusted Execution Environments (TEEs) to protect containers and data. The project will provide cloud native users with a trust model that separates Cloud Service Providers (CSPs) from guest applications, and the key to establishing this trust is making the component that provides the underlying security capabilities, the TEE-based guest Pods, fully attestable. This talk introduces CoCo-AS, our remote attestation service system, built to address this critical issue. You will learn about its technical architecture and deployment forms. The talk will also demonstrate running CoCo-AS live with Arm CCA (a key component of the Armv9-A architecture) as a practical example of a TEE hardware platform, which will help you understand how to enable a driver for a specific HW-TEE type in CoCo-AS.
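CNCF (Cloud Native Computing Foundation) was founded in December 2015. It is part of the Linux Foundation and is a non-profit organization.
CNCF is committed to fostering and sustaining a vendor-neutral open source ecosystem to promote cloud native technologies. We democratize state-of-the-art patterns to make these innovations accessible to everyone.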