Arm Confidential Computing Research Platform Enables Evaluation on Standard Hardware.

Researchers developed OpenCCA, a platform enabling confidential computing research on standard Armv82 hardware. OpenCCA emulates Arm Confidential Computing Architecture (CCA) operations via systematic software adaptation, including bootloader and hypervisor modifications. Performance evaluation and functional correctness were demonstrated on a £200 board.

The increasing demand for data privacy and security necessitates confidential computing, a technology designed to protect code and data in use. At the same time, implementations such as Intel’s TDX and AMD’s SEV-SNP rely on dedicated hardware features, research into Arm’s Confidential Computing Architecture (CCA) has been hampered by a lack of readily available hardware support. This has resulted in fragmented efforts and difficulties in comparing performance metrics. Addressing this challenge, Andrin Bertschi and Shweta Shinde, both from ETH Zurich, present “OpenCCA: An Open Framework to Enable Arm CCA Research”, detailing an open-source platform that emulates CCA functionality on standard Armv8.2 hardware, facilitating performance evaluation and lowering the barrier to entry for researchers utilising a readily available $250 Rockchip board.

OpenCCA: Facilitating Research into Arm Confidential Computing

Confidential computing is gaining importance in data security, protecting data while it is being processed. Technologies such as Intel Trust Domain Extensions (TDX), Secure Encrypted Virtualisation – Scalable Node Encryption (SEV-SNP), and Arm Confidential Computing Architecture (CCA) are central to this field. However, research into Arm CCA is hampered by a lack of consistent hardware platforms for performance evaluation. Current methods often rely on bespoke prototypes built using standard Arm development boards, resulting in duplicated effort and difficulties in comparing results. OpenCCA directly addresses this issue by providing an open research platform capable of emulating CCA operations on commercially available hardware.

OpenCCA achieves this emulation through systematic adaptation of the entire software stack – encompassing the bootloader, hypervisor, and kernel – with a focus on both functional accuracy and the ability to measure performance characteristics relevant to practical deployments. A hypervisor is a piece of software that creates and runs virtual machines. This approach encourages innovation and accelerates the development of secure computing technologies by providing a standardised environment for exploring CCA concepts and a practical means for performance evaluation.

The effectiveness of OpenCCA is demonstrated through lifecycle measurements and case studies inspired by existing CCA-based research. Researchers successfully utilise a readily available and affordable Rockchip board to showcase the platform’s accessibility. This accessibility is crucial for wider adoption and accelerating innovation in confidential computing on Arm architectures. The systematic software adaptation, combined with the use of standard hardware, establishes OpenCCA as a valuable resource for advancing the field.