AWS Nitro Enclaves is a confidential computing technology from Amazon that provides highly isolated execution environments in EC2 instances. The absence of external networking, persistent storage and interactive access to the enclave reduces its attack surface. However, it also drastically limits the set of useful applications that can run on a Nitro enclave. Salmiac, developed by Fortanix, aims to solve this problem securely by extending Nitro enclaves with external networking and a persistent filesystem.
In this talk we discuss in detail the implementation of the filesystem and networking in Salmiac for the AWS Nitro platform.
An AWS Nitro enclave is a separate VM with its own processor cores, memory and running OS kernel. External networking and storage are not available inside an enclave by default; the only way an enclave can communicate with the outside world is through a vsock connection to the parent instance. Salmiac gives applications inside the enclave network access by proxying network packets over this vsock connection.

Offering secure persistent storage to Nitro enclaves is more challenging. Salmiac saves the state of the application in a network block device, and the device's data is transferred over the same vsock channel that connects the enclave and the parent in a Nitro instance. Since the backing storage is outside the enclave's isolation boundary, the block device is protected with the Linux kernel's device-mapper targets: dm-verity, which verifies read-only data against a hash tree, and dm-crypt, which encrypts blocks transparently.
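The networking path described above, as an added example that is not Salmiac's code: a parent-side relay that accepts an enclave's vsock connection and pumps bytes to an outward TCP socket. The abstract describes packet-level proxying; this block shows the simpler stream-level relay over the same vsock channel, which is enough to see the forwarding pattern and the trust boundary it crosses. The vsock port, the forwarding destination and the loopback traffic in the demo are constructed assumptions for illustration.

```python
"""Stream relay for a parent-side vsock proxy.

Added example, not Salmiac's code. The enclave opens a vsock connection to
the parent; the parent relays it to a TCP socket towards the destination.
relay() is transport-agnostic, so it can be exercised with plain socketpairs;
the vsock helper uses the AF_VSOCK support Python has on Linux.
"""
import selectors
import socket
import threading

# Assumed layout (hypothetical values): the parent listens on this vsock
# port for enclave connections and forwards each one to FORWARD_TO.
VSOCK_PROXY_PORT = 5000
FORWARD_TO = ("203.0.113.10", 443)


def relay(a: socket.socket, b: socket.socket, bufsize: int = 65536) -> dict:
    """Copy bytes between two connected stream sockets until both are done.

    Returns the byte count forwarded in each direction. EOF on one socket is
    propagated as a write shutdown on its peer, so a client that half-closes
    after sending its request still receives the reply. Sockets stay
    blocking: select() only reports readability, sendall() gives back-pressure.
    """
    counts = {"a_to_b": 0, "b_to_a": 0}
    peer = {a: (b, "a_to_b"), b: (a, "b_to_a")}
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ)
    sel.register(b, selectors.EVENT_READ)
    open_directions = 2
    while open_directions:
        for key, _ in sel.select():
            src = key.fileobj
            dst, label = peer[src]
            data = src.recv(bufsize)
            if not data:                      # EOF from src
                sel.unregister(src)
                open_directions -= 1
                try:
                    dst.shutdown(socket.SHUT_WR)
                except OSError:
                    pass                      # peer already gone
                continue
            dst.sendall(data)
            counts[label] += len(data)
    sel.close()
    a.close()
    b.close()
    return counts


def vsock_listener(port: int) -> socket.socket:
    """Parent-side vsock listener (Linux only; not used by the demo)."""
    srv = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    srv.bind((socket.VMADDR_CID_ANY, port))
    srv.listen()
    return srv


def serve_forever() -> None:
    """Accept enclave connections and relay each to FORWARD_TO.

    The parent sees every byte it relays, so the enclave application must
    protect the traffic itself (e.g. TLS terminated inside the enclave).
    """
    srv = vsock_listener(VSOCK_PROXY_PORT)
    while True:
        enclave_side, _ = srv.accept()
        outward = socket.create_connection(FORWARD_TO)
        threading.Thread(target=relay, args=(enclave_side, outward), daemon=True).start()


def _read_to_eof(sock: socket.socket) -> bytes:
    buf = b""
    while True:
        chunk = sock.recv(65536)
        if not chunk:
            return buf
        buf += chunk


def run_loopback_demo() -> dict:
    """Drive relay() with constructed traffic: client <-> relay <-> server.

    The client stands in for the enclave application, the server for the
    remote host; socketpairs replace the vsock and TCP legs.
    """
    client, relay_in = socket.socketpair()
    relay_out, server = socket.socketpair()
    result: dict = {}

    def serve():
        request = _read_to_eof(server)        # constructed server: echo upper-cased
        result["server_saw"] = request
        server.sendall(request.upper())
        server.close()

    t_relay = threading.Thread(target=lambda: result.update(relay(relay_in, relay_out)))
    t_server = threading.Thread(target=serve)
    t_relay.start()
    t_server.start()

    client.sendall(b"hello from the enclave")
    client.shutdown(socket.SHUT_WR)           # half-close: request complete
    result["client_got"] = _read_to_eof(client)
    client.close()
    t_server.join()
    t_relay.join()
    return result


if __name__ == "__main__":
    print(run_loopback_demo())
```

The point to take from the relay is where it runs: in the parent, outside the enclave's isolation boundary. It provides connectivity, not confidentiality or integrity, so an enclave application has to treat the parent as an untrusted network hop and protect its traffic end to end, for example by terminating TLS inside the enclave. The same reasoning applies to the storage path, which is why the block device that the parent serves over vsock is wrapped in dm-crypt and dm-verity rather than trusted as plain storage.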