Description
Paper abstract: Confidential Virtual Machines (CVMs) have emerged to protect data in use by performing computations in hardware-based Trusted Execution Environments (TEEs). Typically, a legacy feature-rich VM is re-packed into an encrypted CVM, such that the entire VM is protected from privileged insider attackers, running cloud-native workloads in a secure and isolated fashion. However, this primary usage of CVMs is not suitable for small, specialized, security-critical workloads: legacy VMs with their conventional OS distributions and a plethora of applications, tools, and files result in unnecessarily bloated CVMs that expose a large attack surface. Moreover, CVMs are commonly based on the Linux kernel that was never intended for Confidential Computing (CC) and thus does not protect against certain attack vectors. In this paper, we present the Gramine-TDX OS kernel to execute slim, single-purpose, security-first, unmodified Linux workloads with a minimal attack surface. We base our work on Gramine-SGX, a battle-tested TEE runtime tailored for CC, which allows us to build on the existing high-level protections and focus only on the CVM-specific attack surface. In comparison to a typical Linux kernel, the Gramine-TDX codebase is ∼50x less in binary size and has a significantly smaller attack surface, which makes it a perfect match for emerging cloud-native confidential-computing workloads. Our evaluation on 8 workloads indicates that Gramine-TDX has 1-25% overhead for CPU- and memory-intensive applications. We build our proof of concept using Intel® Trust Domain Extensions (TDX).
Data Citation
Kuvaiskii, D., & Stavrakakis, D. (2024). Gramine-TDX: A Lightweight OS Kernel for Confidential VMs (Artifact Evaluation (v.1)). 31st ACM Conference on Computer and Communications Security (CCS) (ACM CCS), Salt Lake City, U.S.A. Zenodo. https://doi.org/10.5281/zenodo.12779161
| Date made available | 19 Jul 2024 |
|---|---|
| Publisher | Zenodo |