Confidential Computing

This session will present an end-to-end scenario to support confidential computing on Arm (CCA). The first part will focus on a reference implementation stack that integrates firmware, operating system, virtual machine monitor and container environment on QEMU's SBSA platform. From there we will present the verifier that runs in the cloud to attest security claims generated by the reference stack. We will conclude by going over the tooling needed to compute initial Realm measurements and give an overview of a key broker proof-of-concept that works with the stack and verifier to deliver a secret payload.