Next (from 25Jan RM call): Rewrite as guidance with recommendations on what to do to get the advantages.
Text WIP before creating PR:
Chapter 7 (before Software Supply Chain after Platform Access, before Workload Security)
Security HW Assist for Data in Use
- Those exposed as node labels on virtualized software infrastructure, when scheduling can be influenced by those labels:
- Memory encryption on level of physical server
- Memory encryption on level or of VMs: Where hypervisor manages encryption keys.
- That also requires application modification, and while scheduling the application mapping of HW-support to the application:
- Secure enclaves within application: To isolate specific application code and data in memory, which are designed to be protected from processes running at higher privilege levels like OS and hypervisor.