docs: add verify RTMR with replayed event log related content #186
81b37f0 to 0f0d371
| This design can be divided into three steps logically. | ||
| This design can be divided into four steps logically. | ||
| - A plain AI model is preprocessed before uploading or use in cloud native environment. AI model should be encrypted offline, and the encryption key will be stored in a key database server. | ||
| - Fetch and verify event logs. Event log is the record of measurements made to PCRs by the Platform Firmware, with some informational events not extended to PCRs. The informational events are used to convey valuable information to an evaluator of the log. Each measurement made, as well as the information events, are recorded in the event log as individual entries with specified fields. Event logs can assist the attestation/verification process. For more detail, please refer to [TCG_PCClient Spec](https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf). |
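Review bot: The new "Fetch and verify event logs" bullet defines the event log in terms of PCRs and Platform Firmware from the TCG PC Client spec, but it does not say what this step does in the flow or how PCRs relate to the RTMR named in the PR title. Suggest opening the bullet with the action (fetch the log, replay it, compare against the measurement registers), then giving the definition, and naming the TDX register alongside PCR so the step reads consistently for non-TPM platforms.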
PCRs?
Event logs or event log.
Thanks, fixed.
|
|
||
| The service supports attestation, measurement fetching and event log collecting of various platforms including Intel TDX, Trusted Platform Modules (TPM) and AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) (will be supported soon). | ||
|
|
||
| CCNP is a good choice to get event log and it hides the complexity and is easy to use, sample code from CCNP: |
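Review bot: In the sentence listing supported platforms, "(will be supported soon)" sits inside a statement that the service "supports" SEV-SNP, so a reader cannot tell whether event log collecting works there today. Suggest listing only Intel TDX and TPM as supported and moving SEV-SNP to a separate sentence marked as planned.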
CCNP is a good choice to fetch these evidences including measurements and event logs, which hides the complexity of the underlying platforms and increases the usability of the APIs. Here's the sample code using CCNP:
Thanks, all fixed.
| CCNP is a good choice to get event log and it hides the complexity and is easy to use, sample code from CCNP: | ||
|
|
||
| ```Python | ||
| from ccnp import Eventlog, EventlogType |
unused import "EventlogType"
| event_logs = Eventlog.get_platform_eventlog() | ||
| ``` | ||
|
|
||
| To verify that event log has not been tampered with, we can compare IMR (Integrated Measurement Register) value from CCNP fetching and replayed via event log. |
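Review bot: The sample ends at `Eventlog.get_platform_eventlog()` and the next sentence says to compare the IMR value with the replayed one, but neither the replay nor the comparison is shown or described. Suggest adding the steps (which IMR index each entry extends, the hash algorithm, how the register value is fetched) and stating what the flow does on a mismatch. It would also help to say where the register value used for the comparison comes from, since a match only shows the log is consistent with that value.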
To verify that the event logs have not been tampered with, we can compare the measurement replayed from event logs with the IMR (Integrated Measurement Register) values fetched using CCNP.
| CNAP project’s Inference Service flow of getting AI model should be updated to support TEE environment since the AI model has been encrypted: | ||
|
|
||
| - Deploy CCNP as a [DaemonSet](https://intel.github.io/confidential-cloud-native-primitives/_rst/service.quote.html#deploy-as-daemonset-in-kubernetes), it will detect the TEE environment. | ||
| - Fetch and verify evnet log. |
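Review bot: The added step "Fetch and verify evnet log" does not say what happens when verification fails. Since this list is the flow for getting the encrypted AI model, suggest stating that the flow stops and the model is not fetched if the replayed values do not match the IMR values.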
Minor typo. "evnet log" -> "event log"
| ### 2.5 Attestation | ||
| ### 2.5 Fetch and Verify Event Log | ||
|
|
||
| CCNP provides an easy way to fetch and verify event log in TEE. After fetching event log, we can compare IMR (Integrated Measurement Register) value from CCNP fetching and replayed via event log to verify that event log has not been tampered with. |
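Review bot: The paragraph under "### 2.5 Fetch and Verify Event Log" repeats the IMR comparison sentence from the earlier section almost word for word and adds no procedure. Suggest keeping the overview sentence in one place and using 2.5 for the concrete steps. Both "### 2.5 Attestation" and "### 2.5 Fetch and Verify Event Log" appear in this hunk, so confirm the Attestation heading and any references to it are renumbered.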
we can compare the measurement replayed from event logs with the IMR (Integrated Measurement Register) values fetched using CCNP to verify that event logs have not been tampered with.
| This document describes a common architecture to “design and run” a native AI Model into confidential computing environments. (1) AI Model preprocess (2) Attestation of the cloud native environment (3) AI Model fetching and decryption. | ||
| Intel’s TDX technology can provide a TEE running environment, and CCNP can simply the attestation of confidential native environment, last but not least, a sample KBS is introduced to help customer to connect with its own or vendor-independent attestation service (for example, Intel Trust Authority). | ||
| This document describes a common architecture to “design and run” a native AI Model into confidential computing environments. (1) AI Model preprocess (2) Fetch and verify event logs (3) Attestation of the cloud native environment (4) AI Model fetching and decryption. | ||
| Intel’s TDX technology can provide a TEE running environment, and CCNP can simply the event log, measurement fetching and attestation of confidential native environment, last but not least, a sample KBS is introduced to help customer to connect with its own or vendor-independent attestation service (for example, Intel Trust Authority). |
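Review bot: The new summary line lists the four steps as a sentence fragment after a full stop, and the following sentence chains three clauses with commas ("..., last but not least, ..."). Suggest introducing the list with "in four steps:" to match the "four steps" wording used earlier, and splitting the TDX, CCNP and KBS statements into separate sentences.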
can simply -> can simplify
Signed-off-by: Longyin Hu <longyin.hu@intel.com>
0f0d371 to 106bb23
dongx1x left a comment
LGTM.
This PR is to add verify RTMR with replayed event log related content to the How_to_Protect_AI_Models_in_Cloud_Native_Environments documentation.