1、基于Intel TDX和龙蜥社区开源方案构建Confidential MaaS英特尔中国高级工程师朱运阁阿里云技术专家孙维东Intel TDX:AI时代的可验证安全底座Data Security Challenge in the AI EraAI时代数据安全挑战全栈运维复杂业务创新受限硬件沉没成本高算力利用率低集群单点故障算力不足从本地计算到云计算优势顾虑Pay-As-You-Go海量算力弹性供给高效迭代敏捷部署私有模型窃取微调数据集泄露提示词隐私泄露Data Protection Across the Entire Lifecycle数据全生命周期保护数据计 算Data in Use存 储D
2、ata at Rest传 输Data in Transit机密计算:通过硬件加密并隔离受保护的内存、数据,实现数据“可用不可见”云盘、镜像、快照加密传输层安全性协议(TLS)、HTTPS机密虚拟化:Intel TDX 通用机密计算通用机密计算异构机密计算异构机密计算安全隔离:硬件级虚拟机隔离,可针对未经授权的访问提供强大的数据保护,从而确保数据的机密性和完整性。机密保护:禁止未经授权或更改的软件加载和访问机密数据。将云服务提供商、系统特权软件排除在可信基之外。远程认证:允许客户远程验证其可信域运行环境的真实性和完整性,确认硬件和软件配置及策略符合预期。安全特性Intel TDX Connect
3、 构建更快、更安全的可信执行环境CPU TEETDISPDeviceDevice TEEPCIe IDE Encryption LinkLegacy VMTDVM(TVM)Host VMMVFPFTDX Module(TSM)VMX Non-RootVMX RootSEAM Non-RootSEAM RootSEAM CALLTDVM CALLIOMMUTDIDSMPCIeDOEIDE_KMTDISP(TEE-IO Device Interface Security Protocol)Secure SPDM SessionSelective IDE StreamTEE DMA/P2PTEE M
4、MIOEP IDERC IDEBridges,SwitchesUntrustTDX 开源生态Open-source CommunityBinary signed by Intel with source code publicIntel Xeon Processor(SGX,TDX,MKTME)SEAMLDRTDX ModuleHost PlatformHost OSKVMQEMUHypervisorLinux KernelBIOSAttestation Host SW (TD QE,PCE)Intel Provision Certification Service Intel Registr
5、ation ServiceIntel Remote Attestation InfrastructureQvE(Quote Verification Enclave&Library)Provision Certification Cache Service(PCCS)3rdParty Attestation InfrastructureCloud HypervisorService TDTD VM(IaaS)TD CoCo(CaaS/PaaS)TDVF (Guest BIOS)Linux Guest KernelUser ApplicationsTD-SHIM (Guest BIOS)Linu
6、x Guest KernelKata Agent User ContainerTDVF (Guest BIOS)Linux Guest KernelUser ApplicationsTDVF (Guest BIOS)Linux Guest KernelUser ApplicationsTD-SHIM (Guest BIOS)Linux Guest KernelKata Agent User ContainerTD-SHIM(Guest BIOS)Linux Guest KernelKata Agent User ContainersPodTD RTs,e.g.,UniKernelTEE-OS/