virtCCA: Virtualized Arm Confidential Compute Architecture with TrustZone

Abstract

Arm introduced the Confidential Compute Architecture (CCA) in the upcoming Armv9-A architecture, enabling support for confidential virtual machines (CVMs) in a separate world called the Realm world, which provides protection from the untrusted normal world. While CCA offers a promising future for confidential computing, widely available commercial CCA hardware will not arrive in the near future. To fill this gap, we present virtCCA, an architecture that provides virtualized CCA using TrustZone, a mature hardware feature on existing Arm platforms. Notably, virtCCA can be implemented on platforms equipped with the Secure EL2 (S-EL2) extension from Armv8.4 onwards, as well as on earlier platforms that lack S-EL2 support. virtCCA provides strong compatibility with the CCA specifications at the API level. We developed the entire CCA software and firmware stack on top of virtCCA, including the enhancements to the normal world's KVM to support CVMs, and the TrustZone Management Monitor (TMM), which enforces isolation among CVMs and provides CVM lifecycle management. We have implemented virtCCA on real Arm servers, both with and without S-EL2 support. Our evaluation on micro-benchmarks and macro-benchmarks demonstrates that the overhead of running CVMs is acceptable compared to running normal-world VMs. Specifically, in a set of real-world workloads, the overhead of virtCCA-SEL2 is less than 29.7% for I/O-intensive workloads, while virtCCA-EL3 outperforms the baseline in most cases.

