Datacenters continue to grow as the basis for computing on and storing our confidential and private data. The Hardware Root of Trust (HRoT) must be designed properly to avoid common security pitfalls in datacenter hardware.
Datacenter customers often choose to protect specific confidential and private portions of their application in a secure enclave. Secure enclaves are contained execution environments that provide isolation and protection from other processes, including the underlying operating system. Many secure enclaves are rooted only in software and do not provide the isolation or protections that might exist in the underlying hardware. Constructing a Hardware Root of Trust secure enclave for processing confidential and private information provides the strongest level of isolation and ensures data is tightly contained.
Vulnerabilities in Remote Attestation
Remote attestation is a service provided by the datacenter that allows IoT devices and other remote applications to authenticate themselves and establish a level of trustworthiness. It is built on cryptographic primitives that require thorough verification of the confidentiality and integrity of private keys, protected memory regions and configuration registers. Most existing remote attestation approaches are rooted only in software, and many were completely broken by the recent Foreshadow attacks. Remote attestation must be based on a Hardware Root of Trust to ensure cryptographic content is tightly contained and the trustworthiness of the system cannot be compromised.
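An added example, not from the original article, sketching the exchange described above: the verifier issues a nonce, the device's HRoT produces a quote over its configuration registers, and the verifier checks freshness, authenticity and the register values. It assumes a symmetric attestation key provisioned in the device and known to the verifier (hardware quotes normally use an asymmetric key); the key and register digests are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample: attestation key provisioned into the device's HRoT and
# registered with the verifier at manufacturing time (assumption, not a real key).
DEVICE_ATTESTATION_KEY = hashlib.sha256(b"constructed-hrot-provisioned-key").digest()

# Constructed sample: the verifier's reference digests for the device's
# configuration registers (e.g. firmware and enclave measurements).
EXPECTED_REGISTERS = {
    "firmware": hashlib.sha256(b"firmware-v1").hexdigest(),
    "enclave": hashlib.sha256(b"enclave-image").hexdigest(),
}

def verifier_challenge() -> bytes:
    """Verifier side: a fresh nonce binds the quote to this exchange."""
    return os.urandom(16)

def _quote_message(nonce: bytes, registers: dict) -> bytes:
    # Canonical encoding of nonce plus register values in sorted order,
    # so device and verifier authenticate exactly the same bytes.
    body = b"".join(k.encode() + b"=" + v.encode() + b";" for k, v in sorted(registers.items()))
    return nonce + b"|" + body

def device_quote(nonce: bytes, registers: dict, key: bytes = DEVICE_ATTESTATION_KEY) -> dict:
    """Device side: the HRoT authenticates the current register values and the nonce."""
    tag = hmac.new(key, _quote_message(nonce, registers), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "registers": registers, "tag": tag}

def verify_quote(quote: dict, expected_nonce: bytes, key: bytes = DEVICE_ATTESTATION_KEY) -> bool:
    """Verifier side: reject replayed nonces, forged tags and unexpected register values."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False  # stale or replayed quote
    expected_tag = hmac.new(key, _quote_message(quote["nonce"], quote["registers"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(quote["tag"], expected_tag):
        return False  # tag was not produced by the provisioned key
    return quote["registers"] == EXPECTED_REGISTERS  # measurements must match the reference

def demo() -> tuple:
    """Run a good quote, a quote with a modified enclave measurement, and a replayed quote."""
    nonce = verifier_challenge()
    good = device_quote(nonce, dict(EXPECTED_REGISTERS))
    tampered = device_quote(nonce, {**EXPECTED_REGISTERS, "enclave": hashlib.sha256(b"modified").hexdigest()})
    replayed = device_quote(verifier_challenge(), dict(EXPECTED_REGISTERS))  # issued for a different nonce
    return verify_quote(good, nonce), verify_quote(tampered, nonce), verify_quote(replayed, nonce)
```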