Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Next (from 25Jan RM call): Rewrite as guidance with recommendations on what to do to get the advantages.

Text WIP before creating PR:

Chapter 7 (before Software Supply Chain after Platform Access, before Workload Security)

Security HW Assist for Data in Use


  • Those exposed as node labels on virtualized software infrastructure, when scheduling can be influenced by those labels:
    • Memory encryption on level of physical server
    • Memory encryption on level or of VMs: Where hypervisor manages encryption keys.
  • That also requires application modification, and while scheduling the application mapping of HW-support to the application:
    • Secure enclaves within application: To isolate specific application code and data in memory, which are designed to be protected from processes running at higher privilege levels like OS and hypervisor.