Intel has recently announced the general availability of its Trust Authority attestation services, a significant milestone in their Project Amber initiative. These services, aimed at supporting confidential computing deployments, enable the confirmation of the trustworthiness of the operating system and application software.
Attestation services play a critical role in ensuring the integrity and security of confidential computing environments. By assessing secure enclave integrity and enforcing security policies, Intel Trust Authority ensures the authenticity of these environments. This service is compatible with various cloud, hybrid, on-premises, and edge networks.
Confidential computing involves isolating sensitive data payloads using hardware-based memory protections. Trusted execution environments (TEEs) are crucial in this process. TEEs, such as Intel’s Software Guard Extensions (SGX), provide hardware-backed security measures and protect data in use. SGX, available on the Intel Xeon Scalable platform, allocates private memory regions called secure enclaves to prevent unauthorized access.
Several TEE-enabled operating systems, including Apple’s iOS Secure Enclave, Google Trusty, Trustonic Kinibi, and Qualcomm QTEE, exist in the market. CPU manufacturers like AMD, ARM, and IBM also have their own TEE implementations.
With the launch of Intel Trust Authority, the company initially offers attestation services for TEEs enabled by Intel SGX and Intel Trust Domain Extensions (TDX). However, Intel’s vision is to expand Trust Authority’s capabilities to contribute to the integrity of the entire digital ecosystem. Anil Rao, Intel’s Vice President and General Manager of Systems Architecture and Engineering, emphasizes that Trust Authority enables organizations to implement a zero-trust architecture across various deployments without the complexities and costs of building their own attestation service.
The decision to prioritize attestation services was driven by customer demand. Rao explained that Intel’s customers sought operator-independent and auditable protection to support their zero-trust strategies, motivated by the need for compliance with global regulations.
Intel’s Trust Authority attestation services offer several benefits. By providing third-party verification of the authenticity and integrity of confidential computing environments and workloads, Trust Authority redefines trust in the digital landscape. Organizations can implement the National Institute of Standards and Technology (NIST) recommendations for zero-trust architecture without undertaking the burden of developing their own attestation service. This Software-as-a-Service (SaaS) solution ensures compliance, enhances security, and simplifies the deployment of confidential computing.
In conclusion, Intel’s release of Trust Authority attestation services represents a significant advancement in the realm of confidential computing. By addressing the trustworthiness of operating systems and application software in secure environments, Intel is paving the way for enhanced security and compliance in various computing deployments. With the aim of expanding Trust Authority’s capabilities, Intel aims to establish itself as a trusted provider of objective third-party verification in the digital ecosystem.