ARM recently introduced the Confidential Compute Architecture (CCA) as part of the upcoming ARMv9-A architecture. CCA enables the support of confidential virtual machines (cVMs) within a separate world called the Realm world, providing protection from the untrusted normal world. While CCA offers a promising future for confidential computing, the widespread availability of CCA hardware is not expected in the near future, according to ARM's roadmap. To address this gap, we present virtCCA, an architecture that facilitates virtualized CCA using TrustZone, a mature hardware feature available on existing ARM platforms. Notably, virtCCA can be implemented on platforms equipped with the Secure EL2 (S-EL2) extension available from ARMv8.4 onwards, as well as on earlier platforms that lack S-EL2 support. virtCCA is fully compatible with the CCA specifications at the API level. We have developed the entire CCA software and firmware stack on top of virtCCA, including the enhancements to the normal world's KVM to support cVMs, and the TrustZone Management Monitor (TMM) that enforces isolation among cVMs and provides cVM life-cycle management. We have implemented virtCCA on real ARM servers, with and without S-EL2 support. Our evaluation, conducted on micro-benchmarks and macro-benchmarks, demonstrates that the overhead of running cVMs is acceptable compared to running normal-world VMs. Specifically, in a set of real-world workloads, the overhead of virtCCA-SEL2 is less than 29.5% for I/O intensive workloads, while virtCCA-EL3 outperforms the baseline in most cases.