Build a CSV confidential computing environment on g7h instances

更新时间:
复制 MD 格式

This topic describes how to build a confidential computing environment on an ECS instance that uses Hygon China Secure Virtualization (CSV), referred to as a CSV instance. It also shows you how to run sample code to verify the CSV feature.

Background

The CPU hardware encrypts and protects the runtime state of a CSV instance, such as memory data. This prevents cloud providers and external attackers from monitoring or tampering with the instance's internal state, such as running processes or sensitive data. For more information about the Hygon CSV technology, see Hygon Arch.

You can migrate existing applications to CSV instances to gain CSV protection without re-developing them.

Create a CSV instance

Note

Currently, only the g7h instance family supports the CSV feature. For more information, see g7h general-purpose instance family.

Console

Creating a CSV instance on the console is similar to creating a regular instance. This section highlights only the specific settings required for a CSV instance. For information about other general settings, see Create an instance on the Custom Launch tab.

  1. Go to ECS console - Instances.

  2. In the upper-left corner of the page, select a region and resource group.地域

  3. Click Create Instance and configure the following parameters.

    Parameter

    Description

    Instance Type

    Only the following g7h instance types support the CSV feature.

    • ecs.g7h.2xlarge

    • ecs.g7h.4xlarge

    • ecs.g7h.8xlarge

    • ecs.g7h.16xlarge

    Image

    Select the Confidential VM checkbox and select the Alibaba Cloud Linux 3.2104 LTS 64-bit image.

  4. Follow the on-screen instructions to complete the instance creation.

API

You can call the RunInstances operation to create an instance. The following table describes the key parameters.

Parameter

Description

Example

InstanceType

Select an instance type that supports the CSV feature. The supported instance types are:

  • ecs.g7h.2xlarge

  • ecs.g7h.4xlarge

  • ecs.g7h.8xlarge

ecs.g7h.2xlarge

ImageId

Specify the ID of an image that supports CSV instances. Currently, only the following image is supported:

Alibaba Cloud Linux 3.2104 LTS 64-bit UEFI edition

aliyun_3_x64_20G_alibase_20241218.vhd

SecurityOptions.ConfidentialComputingMode

Configure the confidential computing mode.

CSV

Verify CSV status

Before using the CSV confidential computing environment, we recommend verifying the instance's CSV status to ensure it is protected.

  1. Verify that CSV is enabled.

    MSR

    Access the CSV_STATUS model-specific register (MSR) at 0xC0010131 to check if the CSV feature is enabled. This MSR is read-only, and the hypervisor cannot intercept access to it. Run the following commands to perform the check:

    sudo yum install msr-tools
    sudo rdmsr 0xC0010131 --bitfield 1:0

    The following figure indicates that CSV is enabled.

    image.png

    Kernel logs

    On a CSV-enabled instance, the kernel prints a log entry after completing the check. Run the following command to view the log:

    dmesg | grep SEV

    The following figure indicates that CSV is enabled.

    image.png

  2. Check the installation of the CSV driver.

    sudo modprobe csv-guest
    ls -l /dev/csv-guest

    The following figure indicates that the CSV driver is installed.

    image.png

Set up and verify CSV features

Note

Typically, applications running in a non-CSV environment can be migrated directly to a CSV instance without additional development. You can use a CSV instance just like a regular instance. However, to take full advantage of the security capabilities that CSV provides and better protect your instance, Alibaba Cloud recommends that you use the confidential VM features described in this section.

The Hygon Platform Security Processor (PSP) hardware directly generates a CSV attestation report, a data structure that represents the identity of the CSV instance. This report, whose integrity is cryptographically protected, contains key information such as the instance policy (POLICY), UserData, and virtual machine digest (DIGEST). Alibaba Cloud provides a sample tool that you can use to quickly generate and verify a CSV attestation report.

  1. Download the remote attestation sample tool provided by Alibaba Cloud.

    wget https://enclave-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/csv/requirements.txt
    wget https://enclave-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/csv/csv-attestation.py
    sudo pip3 install -r requirements.txt
    chmod +x ./csv-attestation.py

    The following figure shows the output, which indicates that the remote attestation sample tool is installed.

    image.png

  2. Generate a remote attestation report for the local instance.

    sudo ./csv-attestation.py generate -r ./

    The following figure shows the output. The remote attestation report is saved to a file named report in the current directory.

    image.png

  3. Verify the remote attestation report.

    sudo ./csv-attestation.py verify -r ./report

    The following figure shows the sample output. In the POLICY field, NODEBUG indicates that the CSV instance is not in debugging mode, and NOKS indicates that the VM's encryption key is exclusive to this instance, meaning it is in a secure, protected mode.

    image.png

  4. Generate a remote attestation report with specific UserData.

    When you generate a remote attestation report, you can specify UserData to include custom data in the report.

    sudo ./csv-attestation.py generate -r ./ -u your-data-like-pubkey-digest

    image.png

Known limitations

  • Enabling the CSV feature encrypts the ECS instance's memory data using the CPU hardware. This process introduces slight performance overhead compared to regular ECS instances.

  • Image limitations:

    • Only the Alibaba Cloud Linux 3.2104 LTS 64-bit UEFI edition image is supported, and the kernel version must be 5.10.134-16.al8.x86_64 or later.

    • Windows is not supported.

  • Known issues with the Linux guest kernel SWIOTLB buffer:

    • Less memory is visible to the OS compared to a regular instance. A TDX instance reserves unencrypted memory (SWIOTLB) for peripheral communication. By default, this area is 6% of available memory, up to 1 GiB.

    • Attaching multiple elastic network interfaces (ENIs) to a large instance may cause a crash due to insufficient SWIOTLB memory in multi-queue network card scenarios. Stop the instance on the console and detach ENIs to recover.

    • High-I/O workloads may experience performance degradation from insufficient SWIOTLB. Check with:

      dmesg| grep 'swiotlb buffer is full'
      Important

      Incorrect SWIOTLB settings may cause boot failure. Create a snapshot before proceeding so you can roll back if errors occur.

      If this issue occurs, increase the SWIOTLB size:

      • Set the SWIOTLB size to 1 GiB.

        grubby --update-kernel=ALL --args=swiotlb=524288
      • For kernel versions later than 5.10.134-18.al8.x86_64, add the any parameter to support larger SWIOTLB sizes:

        grubby --update-kernel=ALL --args=swiotlb=2097152,any   # Sets SWIOTLB to 4 GiB.
        Note

        Calculate the SWIOTLB parameter value: Target size (in MiB) × 512. See The kernel's command-line parameters.