The Linux Foundation announces the Confidential Computing Consortium

The Linux Foundation has announced the creation of the Confidential Computing Consortium, whose goal is to develop open technologies and standards related to the secure processing of data in memory and to confidential computing.

Companies such as Alibaba, Arm, Baidu, Google, IBM, Intel, Tencent and Microsoft have already joined the joint project, which aims to develop technologies for isolating data in memory during computation on neutral ground. The main goal is to provide the means to keep the entire data-processing cycle in encrypted form, without the information appearing in the clear at particular stages.

The Consortium's interests mainly include technologies related to the use of encrypted data in the computation process, namely the use of isolated enclaves, multi-party computation protocols, the handling of encrypted data in memory, and the complete isolation of data in memory (for example, preventing the host system administrator from accessing data in the memory of guest systems).

The following projects have been handed over for independent development as part of the Confidential Computing Consortium:

  • Intel took the initiative to continue the joint development of the previously opened components for using SGX (Software Guard Extensions) technology on Linux, including an SDK with a set of tools and libraries.

    SGX offers the use of a special set of processor instructions to allocate user-defined private memory regions to user-level applications. The contents of these regions are encrypted and cannot be read or modified even by the kernel or by code executed in ring0, SMM and VMM modes.

  • Microsoft presented the Open Enclave framework, which allows applications to be created for different TEE (Trusted Execution Environment) architectures using a single API and an abstract representation of the enclave. An application prepared with Open Enclave can run on systems with different enclave implementations. Of the TEEs, only Intel SGX is currently supported.
    Code is being developed to support ARM TrustZone. Support for Keystone, AMD PSP (Platform Security Processor) and AMD SEV (Secure Encrypted Virtualization) is not reported.
  • Red Hat handed over the Enarx project, which provides an abstraction layer for creating universal applications that run in enclaves, supports various TEE environments, is independent of the hardware architecture, and allows the use of multiple programming languages (using a WebAssembly-based runtime). The project currently supports AMD SEV and Intel SGX technologies.

Among the similar projects that were overlooked, one can note the Asylo framework, which is developed mainly by Google engineers but does not have official Google endorsement.

The framework makes it easy to adapt applications so that some of the functionality that requires greater protection is moved to the protected enclave side. Of the hardware isolation mechanisms in Asylo, only Intel SGX is supported, but a software-based enclave mechanism is also available.

A TEE (Trusted Execution Environment) means that the processor provides a special isolated area into which part of the functionality of applications and the operating system can be moved. The memory contents and executable code of this separate environment are not accessible from the host, regardless of the level of privileges available.

For execution there, implementations of various encryption algorithms, functions for processing private keys and passwords, authentication procedures, and code that works with sensitive data can be moved into the enclave.

If the host system is compromised, the attacker will not be able to obtain the information stored in the enclave and will be limited to the program's external interface only.

The use of hardware enclaves can be considered an alternative to methods based on homomorphic encryption or confidential computing protocols for protecting computations, but unlike those technologies, an enclave has no effect on the performance of computations with sensitive data and makes development simpler.

Source: https://www.linuxfoundation.org

