Confidential Computing: AWS Perspective | Amazon Web Services Blog

From government agencies and regulated industries to small businesses and enterprises, customers around the world rely on Amazon Web Services (AWS) for their most important data and applications. Keeping your workload secure and private and meeting your privacy and data sovereignty requirements is AWS’ top priority. By investing in security technology and employing rigorous practices, AWS meets and exceeds the privacy and sensitive data handling standards of the most demanding customers. Over the years, we have invested heavily in dedicated technology and systems to continue to raise the bar for our customers’ security and privacy.

Over the past year, we have seen growing interest in the term "confidential computing" in conversations with our customers. The term is applied to technologies that solve a variety of different problems, and there is some confusion about what it actually means. In keeping with our mission to help you innovate, we want to share our view of confidential computing.

AWS defines confidential computing as "the use of specialized hardware and associated firmware to protect customer code and data during processing from outside access." Confidential computing has two distinct dimensions. The first is protecting your code and data from the operators of the underlying cloud infrastructure. The second is the ability for customers to divide their own workloads into more trusted and less trusted components, so that parties who don't fully trust each other can build a system that works together while keeping each party's code and data confidential.

In this article, we explain how the AWS Nitro System provides these protections to customers running Nitro-based Amazon Elastic Compute Cloud (Amazon EC2) instances, with no code or workload changes, which satisfies the first requirement. We also describe how toolsets and programming models that customers are already familiar with are available to address the second requirement. Let's start with the Nitro System.

What is the Nitro System?

The Nitro System, the underlying platform for the latest Amazon EC2 instances, is a good example of how AWS has invented and innovated to deliver more security and privacy for your applications. For nearly 10 years we have been reinventing the EC2 virtualization stack by moving more and more virtualization functions into dedicated hardware and firmware. The Nitro System is the result of this continuous and sustained innovation. It consists of three main components: the Nitro Cards, the Nitro Security Chip, and the Nitro Hypervisor. The Nitro Cards are dedicated hardware components with compute capabilities that perform I/O functions, such as those for Amazon Virtual Private Cloud (Amazon VPC), Amazon Elastic Block Store (Amazon EBS), and Amazon EC2 instance storage.

The Nitro Cards are designed, manufactured, and tested by our silicon development subsidiary, Annapurna Labs, and offload core virtualization functions from the EC2 server (the underlying host infrastructure) that runs the EC2 instances. The Nitro System uses the Nitro Security Chip to provide a hardware-based root of trust that encrypts, measures, and validates the system, delivering a significantly higher level of assurance than traditional hardware and virtualization systems. The Nitro Hypervisor is a lightweight hypervisor that manages memory and CPU allocation and delivers performance that is indistinguishable from bare metal (a recent blog post, Bare Metal Performance with the AWS Nitro System, compares its performance against bare metal instances).

Nitro’s Approach to Confidential Computing

The Nitro System offers three main protections. The first two help protect against the cloud operator and the cloud's system software, which is the first dimension of confidential computing. The third helps you divide your own workloads into more trusted and less trusted components.

  1. Protection from the cloud operator: AWS is designed to keep your workloads confidential between customers, and between customers and AWS. The Nitro System is designed so that there is no operator access: no person or system can connect to the EC2 server (the underlying host infrastructure), read the memory of an EC2 instance, or access data stored on instance storage or encrypted EBS volumes. If an AWS operator, including those with the highest privileges, needs to perform maintenance on the EC2 server, they can do so only through a strictly limited set of authenticated, authorized, and audited administration APIs, none of which expose the ability to access your data on the EC2 server. These limits are built into the Nitro System itself, and no AWS operator can bypass them. In addition, memory encryption is available on a number of EC2 instance types to provide stronger protection against physical attacks at the memory interface. Memory encryption is currently enabled by default on Graviton2-based instances (T4g, M6g, C6g, C6gn, R6g, X2g) and, with Intel Total Memory Encryption (TME), on Intel-based M6i instances. AMD Secure Memory Encryption (SME) will also be adopted on upcoming EC2 platforms with AMD Milan processors.
  2. Protection from AWS system software: The Nitro System's unique design uses low-level, hardware-based memory isolation to eliminate direct access to your memory, and it also eliminates the need for a hypervisor on bare metal instances.
    • In virtualized EC2 instances (Figure 1), the Nitro Hypervisor works with the underlying hardware virtualization features to create virtual machines that are isolated from each other and from the hypervisor itself. Network, storage, GPU, and accelerator access uses SR-IOV, a technology that allows an instance to interact directly with a hardware device over a pass-through connection securely created by the hypervisor. EC2 features such as instance snapshots and hibernation are provided by dedicated agents that use end-to-end memory encryption that AWS operators cannot access.

      Figure 1: Virtualized EC2 instances

    • Bare metal EC2 instances (Figure 2) have no hypervisor running on the EC2 server, giving customers dedicated, exclusive access to the underlying main system board. Bare metal instances are designed for applications that need access to low-level hardware features, such as performance counters and Intel® VT, that are not always available or fully supported in virtualized environments, as well as for applications intended to run directly on the hardware or licensed and supported for use in non-virtualized environments. Bare metal instances have the same EC2 features as virtualized instances, such as storage and networking, because the Nitro System implements the functions normally provided by the virtualization layer separately and independently, in dedicated system hardware and firmware. Amazon EC2 Mac instances are built using the same technology: because the Nitro System operates over an independent bus, we can attach Nitro Cards directly to Apple's Mac mini hardware without any other physical modifications.

      Figure 2: EC2 Bare Metal Instance

  3. Protecting sensitive data and processing from your own operators and software: Nitro Enclaves addresses the second dimension of confidential computing. A Nitro Enclave is a highly isolated compute environment launched from, and attached to, an EC2 instance. By default, no user (not even root or the administrator) and no software running on the EC2 instance has interactive access to the enclave. Nitro Enclaves provides cryptographic attestation, which lets customers verify that all of the software deployed in the enclave is the software they validated and that it has not been tampered with. Nitro Enclaves adds the same level of cloud-operator protection as Nitro-based EC2 instances, plus the ability for customers to divide their systems into components with different levels of trust, so that particularly sensitive data and code are protected not only from AWS operators but also from your own operators and other software. The primary purpose of Nitro Enclaves is to protect you from users and software on your own EC2 instances; in other words, Nitro Enclaves treats the parent EC2 instance as untrusted. An enclave does not share memory or CPU cores with the EC2 instance, and to greatly reduce the attack surface it has no IP networking and no persistent storage; its only communication channel is a local virtual socket (vsock) connection to the parent instance. Nitro Enclaves is also designed as a developer-friendly platform that requires no specialized cryptographic knowledge or CPU microarchitecture expertise. We focus on providing a user-friendly development experience so that developers can quickly and easily build applications that process sensitive data, as easily as writing code for any other Linux environment.
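The attestation and "the parent instance is untrusted" points above are where a practitioner has to get the details right, so here is an added example (not code from the original post or from AWS) of the policy checks a secret-releasing service on the parent instance would apply to a decoded attestation document: measured PCRs compared against an allowlist, rejection of debug-mode enclaves (whose PCR0 to PCR2 are all zeros), and nonce and timestamp freshness. It assumes that COSE_Sign1 signature and certificate-chain verification against the AWS Nitro Attestation PKI root has already been done upstream; the PCR values, nonce, module ID and public key below are constructed test data, and MAX_AGE_MS and MAX_SKEW_MS are assumed policy parameters.

```python
"""Policy checks a parent-instance service applies to a Nitro Enclaves attestation
document before releasing a secret to the enclave (added example, not code from
the original post or from AWS).

The real attestation document is a CBOR payload carried in a COSE_Sign1 structure,
signed by the enclave's certificate and chaining to the AWS Nitro Attestation PKI
root.  Verifying that signature and chain is assumed to have already happened; this
module is the policy layer that runs afterwards on the decoded payload.  The dict
fields (module_id, timestamp, pcrs, nonce, public_key) mirror the decoded payload,
but every value below is constructed test data, not a real measurement.
"""
import hmac
import time
from typing import Optional

PCR_LEN = 48  # Nitro Enclaves PCRs are SHA-384 digests

# Constructed allowlist: PCR0 measures the enclave image file, PCR1 the kernel and
# bootstrap, PCR2 the application.  In production these come from the build pipeline
# (nitro-cli build-enclave prints them) and, if KMS holds the secret, the same values
# are expressed as kms:RecipientAttestation:PCRn conditions in the key policy.
EXPECTED_PCRS = {
    0: bytes.fromhex("11" * PCR_LEN),
    1: bytes.fromhex("22" * PCR_LEN),
    2: bytes.fromhex("33" * PCR_LEN),
}

MAX_AGE_MS = 5 * 60 * 1000      # assumed policy: reject documents older than five minutes
MAX_SKEW_MS = 60 * 1000         # assumed policy: tolerate a minute of clock skew into the future


class AttestationRejected(Exception):
    """Raised when the document fails policy; the caller must not release the secret."""


def check_attestation(doc: dict, expected_nonce: bytes, now_ms: Optional[int] = None) -> bytes:
    """Return the enclave's public key if `doc` passes policy, otherwise raise."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)

    pcrs = doc.get("pcrs", {})
    for index in EXPECTED_PCRS:
        value = pcrs.get(index)
        if not isinstance(value, (bytes, bytearray)) or len(value) != PCR_LEN:
            raise AttestationRejected(f"PCR{index} missing or malformed")

    # An enclave launched in debug mode reports PCR0-PCR2 as all zeros and allows
    # console access, so its attestation must never unlock production secrets.
    if all(pcrs[i] == bytes(PCR_LEN) for i in (0, 1, 2)):
        raise AttestationRejected("debug-mode enclave (PCR0-PCR2 are zero)")

    for index, expected in EXPECTED_PCRS.items():
        # Constant-time compare; a mismatch means a different image, kernel or app.
        if not hmac.compare_digest(bytes(pcrs[index]), expected):
            raise AttestationRejected(f"PCR{index} does not match the approved image")

    # Freshness: the nonce we sent must come back, and the timestamp must be recent,
    # so a document captured earlier from a genuine enclave cannot be replayed.
    nonce = doc.get("nonce")
    if not isinstance(nonce, (bytes, bytearray)) or not hmac.compare_digest(bytes(nonce), expected_nonce):
        raise AttestationRejected("nonce mismatch")
    ts = doc.get("timestamp")
    if not isinstance(ts, int) or ts > now_ms + MAX_SKEW_MS or now_ms - ts > MAX_AGE_MS:
        raise AttestationRejected("timestamp outside the acceptance window")

    public_key = doc.get("public_key")
    if not public_key:
        raise AttestationRejected("no enclave public key to encrypt the secret to")
    return bytes(public_key)


def attestation_passes(doc: dict, expected_nonce: bytes, now_ms: int) -> bool:
    """Boolean wrapper around check_attestation for callers that only need yes/no."""
    try:
        check_attestation(doc, expected_nonce, now_ms)
        return True
    except AttestationRejected:
        return False


def make_sample_doc(nonce: bytes, now_ms: int, debug: bool = False) -> dict:
    """Constructed stand-in for a decoded attestation payload (test data only)."""
    pcrs = {i: bytes(PCR_LEN) for i in (0, 1, 2)} if debug else dict(EXPECTED_PCRS)
    return {
        "module_id": "i-0123456789abcdef0-enc0123456789abcdef",   # constructed
        "timestamp": now_ms,
        "pcrs": pcrs,
        "nonce": nonce,
        "public_key": b"\x04" + bytes(range(64)),                 # constructed placeholder
    }


if __name__ == "__main__":
    now = int(time.time() * 1000)
    nonce = b"\x5a" * 32
    print("approved image:", attestation_passes(make_sample_doc(nonce, now), nonce, now))
    print("debug enclave: ", attestation_passes(make_sample_doc(nonce, now, debug=True), nonce, now))
    print("replayed nonce:", attestation_passes(make_sample_doc(nonce, now), b"\x00" * 32, now))
```

In the full flow, code inside the enclave generates a key pair, asks the Nitro Security Module for an attestation document with that public key and the caller's nonce embedded, and sends the document to the parent over vsock; the parent (or AWS KMS, when the secret is a KMS data key and the key policy carries kms:RecipientAttestation conditions) performs checks like the ones above and encrypts the secret to the embedded public key, so only the attested enclave, and not the parent instance, can read it.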


The Nitro System's unique virtualization and isolation approach allows customers to securely isolate sensitive data processing from the operator and from AWS software. These protections against system software and the cloud operator, an important dimension of confidential computing, are provided as a standard, built-in part of every Nitro-based instance. You can also use Nitro Enclaves to add protection against your own software and operators.

Future plans

As mentioned above, the Nitro System represents nearly a decade of effort to raise the bar for cloud workload security and privacy, and it allows us to do more than existing technology and hardware alone would permit. But this is not the end: we will continue to add confidential computing capabilities in the future.

Most Recent Related Event

AWS Security Roadshow Japan 2021 will be held online from Thursday, November 11 to Friday, November 12, 2021. It includes a session on protecting critical data and confidential computing in cloud environments, 10 AWS customer case-study sessions, AWS Zero Trust workshops, AWS Security Jam, and AWS Security GameDay, among other opportunities to learn. Please register at the registration site.

AWS security news, content, and new feature announcements are also delivered on Twitter.


David Brown

David is Vice President of Amazon EC2. After working as a software developer at a financial start-up, he joined AWS in 2007 as a software developer based in Cape Town and was involved in the initial development of Amazon EC2. For the past 12 years he has held leadership positions within Amazon EC2 and has worked to bring the service to its current form.

Click here for the original text. The translation was done by SA Shoichi Kiriya.
