
virtCCA: Virtualized Arm Confidential Compute Architecture with TrustZone

Xiangyi Xu, Wenhao Wang, Yongzheng Wu, Chenyu Wang, Huifeng Zhu, Haocheng Ma, Zhennan Min, Zixuan Pang, Rui Hou, Yier Jin

TL;DR

This work presents virtCCA, a virtualized realization of ARM's Confidential Compute Architecture that runs cVMs on existing TrustZone hardware. By introducing a small trusted monitor (TMM) and a host hypervisor in the normal world, virtCCA achieves CCA API compatibility on platforms with and without S-EL2, using memory and I/O isolation mechanisms such as per-cVM secure memory, a bounce buffer, and software-emulated interrupt/MMIO paths. The authors implement virtCCA on real ARM servers, integrate it with ATF, RMM, QEMU/KVM, and a testing framework, and evaluate with micro- and macro-benchmarks showing acceptable overhead, notably better performance when S-EL2 is unavailable. They also outline a practical path for extending virtCCA to device passthrough and heterogeneous TEEs, indicating significant potential for confidential cloud deployments even before hardware CCA becomes widely available. Overall, virtCCA demonstrates that confidential computing can be realized on commodity ARM hardware with a carefully designed trusted monitor and API-compatible stack, delivering meaningful security with acceptable performance overheads in real workloads.

Abstract

ARM recently introduced the Confidential Compute Architecture (CCA) as part of the upcoming ARMv9-A architecture. CCA enables the support of confidential virtual machines (cVMs) within a separate world called the Realm world, providing protection from the untrusted normal world. While CCA offers a promising future for confidential computing, the widespread availability of CCA hardware is not expected in the near future, according to ARM's roadmap. To address this gap, we present virtCCA, an architecture that facilitates virtualized CCA using TrustZone, a mature hardware feature available on existing ARM platforms. Notably, virtCCA can be implemented on platforms equipped with the Secure EL2 (S-EL2) extension available from ARMv8.4 onwards, as well as on earlier platforms that lack S-EL2 support. virtCCA is fully compatible with the CCA specifications at the API level. We have developed the entire CCA software and firmware stack on top of virtCCA, including the enhancements to the normal world's KVM to support cVMs, and the TrustZone Management Monitor (TMM) that enforces isolation among cVMs and provides cVM life-cycle management. We have implemented virtCCA on real ARM servers, with and without S-EL2 support. Our evaluation, conducted on micro-benchmarks and macro-benchmarks, demonstrates that the overhead of running cVMs is acceptable compared to running normal-world VMs. Specifically, in a set of real-world workloads, the overhead of virtCCA-SEL2 is less than 29.5% for I/O intensive workloads, while virtCCA-EL3 outperforms the baseline in most cases.

Paper Structure (20 sections, 5 figures, 4 tables)

This paper contains 20 sections, 5 figures, 4 tables.

Figures (5)

  • Figure 1: The architecture of virtCCA.
  • Figure 2: virtCCA-SEL2 interrupt translation.
  • Figure 3: virtCCA-EL3 software interrupt injection.
  • Figure 4: Macro-benchmarks between virtCCA and vanilla KVM. The absolute values for the application benchmarks (the application-benchmark panel of this figure), in the format [vanilla-SEL2, virtCCA-SEL2, vanilla-SEL2-EL3, virtCCA-EL3], are as follows: MySQL in events/s [1390.2, 1276.0, 1063.09, 1276.0]; Apache in requests/s [9856.6, 6930.6, 13788.7, 11504.6]; Hackbench in total time (s) [0.292, 0.3606, 0.1922, 0.1458]; Memcached in Ops/s [109573, 86426.5, 151610, 168999]; Redis in SET requests/s [827905, 866243, 730004, 839077]; MongoDB in throughput (Ops/s) [1390.2, 1276.0, 1063.09, 1157.01].
  • Figure 5: Device passthrough.