binxio/gcp-conf-compute-analysis

GCP Confidential VM & Shielded VM Analysis

This repository contains the literature research on the current state of Confidential Compute at Google Cloud Platform (GCP).

Goal

The goal of this document is to provide an overview of the Confidential Computing and Shielded VM services provided by Google Cloud (GCP).

This document includes: (1) a description of the trust layers used by Google, (2) links to resources, (3) example code and (4) an explicit literature survey of known vulnerabilities in the AMD EPYC CPU, the main hardware component of Google Confidential Compute (Confidential VMs rely on the memory encryption features of this processor).

Use case of GCP and Confidential Compute

The perspective of this analysis is to determine the level of decoupling that can be realized between you as GCP user and Google as the cloud service provider (CSP).

A common use case for this requirement is the processing of personally identifiable information (PII) of EU citizens, which under the EU GDPR needs to be decoupled from parties under US law.

Content

Topics discussed in this document are:

  • GCP Titan (TPM)
  • GCP Shielded VM (vTPM)
  • GCP Confidential VM (TEE)
  • GCP Integrity Monitoring
  • GCP Organizational Policies
  • GCP Combining Encryption

Quality Assurance

The goal is to have various Subject Matter Experts (SMEs) review (1) this document and (2) the Zotero reference library,
and to provide feedback, for example by adding issues in the GitHub tracker.

To make this possible from a compliance viewpoint, the document does not include information from any of our clients or employers. In addition, the context within a company is very specific and unique, and therefore difficult to comment on for SMEs who do not know that context.

Open for contribution

This analysis is written in LaTeX, so that versioning and contributions can be handled via Git/GitHub; it is open for everybody to contribute.

The Confidential Compute technology and the offerings at GCP are continuously updated, so this analysis should be continuously updated as well.

License

The content of this document is a (re-)mix of available public sources. The original authors are Maarten Baijs, Laurens Knoll and Edzo Botjes. This document includes references to these public sources. The license of this document is Creative Commons Attribution (CC BY) 4.0. This implies that everybody is free to use, adapt and change the content of this document, but needs to mention explicitly that this document is the source.

Tool Support

Zotero

CI pipeline for LaTeX example

This repository contains examples from the blog post How to annoy your co-authors: a Gitlab CI pipeline for LaTeX.

This LaTeX pipeline uses Docker and GNU make together with latexmk in the texlive:latest container.

The texlive:latest container is updated weekly by the TeX Live organisation.

When you need to change the (advanced) settings, you can do this via the Makefile and latexmkrc files.


Compile locally with

make clean render

OR

Continuously compile locally with

make clean render LATEXMK_OPTIONS_EXTRA=-pvc

to keep compiling the PDF whenever the input files are updated.

Continuously refresh the PDF viewer with

evince paper/latexmk/main.pdf

This runs the PDF viewer Evince, which refreshes automatically when the PDF changes.

Documentation Conventions

  1. Every sentence is around 7 words.
  2. After every '.' a newline (\n) in the source file.
  3. Every \cite or \citep on a new line (\n).
  4. In landscape layout, images on the right, text on the left.
  5. Language setting is US_EN.
  6. Figures have the label prefix 'fig:'.
  7. All figures should have a transparent background.
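Conventions 1, 2, 3 and 6 can be checked mechanically before a pull request. The following linter is an added example and is not part of this repository or its CI pipeline; the sample .tex fragment, the rule names and the 12-word threshold (a loose upper bound for "around 7 words") are constructed for illustration.

```python
"""Lint a LaTeX source against the documentation conventions above.

Added example (not repository code). Checks: sentence length (1),
one sentence per line (2), \\cite / \\citep on its own line (3) and
the 'fig:' label prefix inside figure environments (6).
"""
import re

MAX_WORDS = 12  # assumption: convention says "around 7"; flag clear outliers only

CITE_RE = re.compile(r"\\citep?\{[^}]*\}")
LABEL_RE = re.compile(r"\\label\{([^}]*)\}")
# A sentence end ("word." or ")." or "}.") followed by whitespace and a
# capitalised word indicates two sentences on one line (convention 2).
# Abbreviations followed by a lowercase word ("e.g. the") do not match.
MID_LINE_SENTENCE_RE = re.compile(r"[A-Za-z\)\}]\.\s+[A-Z]")
# LaTeX command with optional [] and {} arguments, removed before word counting
COMMAND_RE = re.compile(r"\\[A-Za-z]+(\[[^\]]*\])?(\{[^}]*\})*")


def strip_comment(line):
    """Drop a trailing LaTeX comment, keeping escaped percent signs (\\%)."""
    out = []
    prev = ""
    for ch in line:
        if ch == "%" and prev != "\\":
            break
        out.append(ch)
        prev = ch
    return "".join(out)


def word_count(line):
    """Count words in a line after removing commands such as \\citep{...}."""
    text = COMMAND_RE.sub(" ", line)
    return len(re.findall(r"[A-Za-z0-9'-]+", text))


def lint_tex(source):
    """Return a list of (line number, rule, message) findings."""
    findings = []
    in_figure = False
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        if r"\begin{figure" in line:
            in_figure = True
        if in_figure:  # convention 6: figure labels carry the 'fig:' prefix
            for label in LABEL_RE.findall(line):
                if not label.startswith("fig:"):
                    findings.append((lineno, "label-prefix",
                                     f"figure label '{label}' lacks 'fig:' prefix"))
        if r"\end{figure" in line:
            in_figure = False
        if MID_LINE_SENTENCE_RE.search(line):  # convention 2
            findings.append((lineno, "one-sentence-per-line",
                             "more than one sentence on this line"))
        cites = CITE_RE.findall(line)  # convention 3
        if cites and CITE_RE.sub("", line).strip(" .,;") != "":
            findings.append((lineno, "cite-on-own-line",
                             f"{cites[0]} shares a line with other text"))
        n = word_count(line)  # convention 1; skip lines that are only a command
        if n > MAX_WORDS and not line.startswith("\\"):
            findings.append((lineno, "sentence-length",
                             f"{n} words, convention is around 7"))
    return findings


# Constructed sample input: every finding below is deliberate.
SAMPLE = r"""
\section{Trust layers}
The Titan chip anchors the boot chain.
Shielded VMs add a vTPM and integrity monitoring \citep{gcp-shielded}.
Confidential VMs run on AMD SEV. The memory is encrypted per VM.
\citep{amd-sev}
This is a deliberately long sentence that exceeds the convention by a wide margin for demonstration.
\begin{figure}
  \includegraphics{layers.pdf}
  \caption{Trust layers.}
  \label{trust-layers}
\end{figure}
"""

if __name__ == "__main__":
    for lineno, rule, msg in lint_tex(SAMPLE):
        print(f"line {lineno}: {rule}: {msg}")
```

Run it over the repository's .tex files (for example `lint_tex(open("paper/main.tex").read())`) and treat a non-empty result as a failed check; the regular expressions are deliberately simple heuristics, so a finding is a prompt to look, not proof of a violation.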

Backlog

  1. Update author information (org).
  2. Set up/reserve a DOI in Zenodo for this document.
  3. Move the backlog to GitHub.
  4. Refactor the GitLab CI pipeline to GitHub Actions.
  5. Adjust the LaTeX template design based on Binx, based on Xebia.
  6. Rotate the whitepaper to landscape.

Fonts

  • The Google font family is well supported in LaTeX, new and free to use.
  • Currently this document uses the Noto font.

Noto

\usepackage[sfdefault]{noto}
\usepackage[T1]{fontenc}

EB Garamond

\usepackage[cmintegrals,cmbraces]{newtxmath}
\usepackage{ebgaramond-maths}
\usepackage[T1]{fontenc}

Merriweather

\usepackage{merriweather} %% Option 'black' gives heavier bold face 
\usepackage[T1]{fontenc}

Roboto

\usepackage[sfdefault]{roboto}  %% Option 'sfdefault' only if the base font of the document is to be sans serif
\usepackage[T1]{fontenc}

STIX 2

  • "The mission of the Scientific and Technical Information Exchange (STIX) font creation project is the preparation of a comprehensive set of fonts that serve the scientific and engineering community in the process from manuscript creation through final publication, both in electronic and print formats."
  • stix2 homepage
  • Stix2@tug

\usepackage[T1]{fontenc}
%\usepackage{stix2}

LaTeX Resources

Overall

  1. https://www.overleaf.com/learn/latex/

on Text layout

  1. https://www.overleaf.com/learn/latex/Hyperlinks
  2. https://www.overleaf.com/learn/latex/Font_sizes%2C_families%2C_and_styles
  3. https://www.overleaf.com/learn/latex/Text_alignment
  4. https://tex.stackexchange.com/questions/23766/suppress-fancy-header-and-footer-on-first-page-only

on Tables

  1. https://tex.stackexchange.com/questions/112343/beautiful-table-samples
  2. https://tex.stackexchange.com/questions/126539/padding-at-the-top-of-a-table-cell-in-latex