Standing on the shoulders of the TDX and SEV giants, the RISC-V AP-TEE Technical Group is currently defining the threat-model, the reference architecture and the interfaces to support confidential computing use cases on RISC-V. All the TG discussions happen in the open and all the related reference implementations are open source, representing a unique opportunity for interested contributors to participate in the elaboration of such a fundamental piece of technology.
During this presentation we will describe the currently proposed architecture, highlighting how it is focusing on multi-tenant, hardware-virtualized workloads. We will also explain how both the guest and host APIs will support this architecture by stepping through a few concrete confidential computing use cases. Next we will present Salus, the reference Trusted Security Manager (TSM) implementation. The last part of this talk will go into the short and longer term tasks the TG is going to tackle, like e.g. trusted IO and attestation. During this last section, we will try to highlight where and how new contributors could help the RISC-V community design and implement this confidential computing architecture.