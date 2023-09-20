Intel has announced the general availability of its first Trust Authority attestation services. The services are the result of the company\u2019s Project Amber initiative announced last year, and they are designed to support confidential computing deployments.\n\nAttestation services are a means to confirm the trustworthiness of the operating system and application software. Intel Trust Authority does so in confidential computing environments by assessing secure enclave integrity and enforcing security policies. It works in multiple cloud, hybrid, on-premises, and edge networks, Intel claimed in a blog post.\n\nWhat is confidential computing?\n\nConfidential computing is the process of isolating sensitive data payloads with hardware-based memory protections. This is typically done through hardware-based trusted execution environments (TEEs) that, with operating system support, help secure data in use. Intel\u2019s Software Guard Extensions (SGX) available on the Intel Xeon Scalable platform is one example of a TEE. SGX is a secure area of Intel Xeon processors that allows for the allocation of private memory regions, called secure enclaves, to help prevent processes from running at higher privilege levels. The goal is to isolate data and code to prevent unauthorized access.\n\nTEE-enabled operating systems include Apple\u2019s iOS Secure Enclave, Google Trusty, Trustonic Kinibi, and Qualcomm QTEE. Most processor manufacturers have their own TEE implementations, including AMD\u2019s Platform Security Processor (PSP), ARM TrustZone, and IBM Secure Service Container.\n\nWhat Intel Trust Authority offers today\n\nWith the initial launch, Intel Trust Authority provides attestation services for trusted execution environments that its own SGX and Intel Trust Domain Extensions (TDX) enable. However, \u201cOur vision is that [Trust Authority] will ultimately contribute to the integrity of the entire digital ecosystem,\u201d Anil Rao, Intel\u2019s VP and general manager of systems architecture and engineering, said in a blog post. \u201cWith Intel Trust Authority, organizations can implement the NIST recommendations for a zero-trust architecture across a variety of deployments: from on-premises to hybrid and multiple clouds to the edge\u2014all without incurring the cost and complexity of building their own attestation service. This SaaS redefines trust by providing objective, third-party verification of the authenticity and integrity of confidential computing environments and workloads.\u201d\n\nThe company chose attestation as the first Trust Authority service because of customer demand, Rao said in a press briefing. Intel\u2019s customers wanted the protections that attestation provides \u201cin an operator-independent and auditable manner to support their zero-trust strategies,\u201d he said, citing the need for compliance with global regulations as one driving factor.\n\n\u201cOur customers have expressed a need for a general trusted and operator-independent third-party assurance service,\u201d Rao said, \u201cand this new implementation of Trust Authority will help ensure that we provide higher confidence for those customers who want to move sensitive data to the outer edge. Third-party attestation essentially provides objectivity and independence to confidential computing in a manner where assurance and objectivity is something our customers can maintain.\u201d