Skip to content

Cosmian VM

Cosmian VM are Linux-based system images preconfigured to verify Confidential VM trustworthiness and integrity at anytime. The images are based either on Ubuntu 22.04 or RHEL 9, and can then be used as regular Linux distribution on most cloud providers such as Google Cloud Platform (GCP), Microsoft Azure and Amazon Web Services (AWS).

Cosmian VM image provides the following features:

  • Confidentiality: the whole environment runs in a Trusted Execution Environment (TEE) with encrypted memory
  • Verifiability: user can verify the integrity of executables at any time and compare against a reference snapshot
  • Genericity: compatible with AMD SEV-SNP and Intel TDX in addition to TPM and vTPM
  • No code modification: no need for third party library or any specific adaptation of applications
  • Simplicity: manual configuration reduced at its bare minimum

Threat Model

Cosmian VM is designed to secure your application against passive (honest-but-curious) and active (malicious) cloud provider staff member

The foundation of Cosmian VM relies on the following components:

  • Trusted Execution Environment (TEE) such as AMD SEV-SNP or Intel TDX for memory encryption
  • Trusted Platform Module (TPM) or vTPM (virtual TPM) to store secrets and attest the content of some memory region
  • Integrity Measurement Architecture (IMA), a Linux kernel module used to maintain a measurement log of all executables

In addition, Cosmian VM image contains the following software:

  • cosmian_vm_agent: an agent running in the confidential VM to forward attestations, collaterals (e.g. root certificates) and measurement log
  • cosmian_certtool to ease the generation of Let’s Encrypt certificates if needed
  • cosmian_fstool to ease the generation of LUKS container with secret key stored in the TPM/vTPM

Our client CLI cosmian_vm can be used to interact with cosmian_vm_agent and verify the trustworthiness of a specific instance launched with Cosmian VM as base image.

setup flow

Audit

Cosmian VM image construction process can be found in the following GitHub repository: https://github.com/Cosmian/cosmian_vm

Snapshot of the system

The snapshot of the system is a crucial step performed by cosmian_vm_agent to produce a JSON file with:

  • TEE policy
  • TPM policy
  • List of measured files and their hash digests

It’s a one-time process done before you decide to freeze the system, the content will be compared with TEE attestation, TPM/vTPM attestation and IMA measurement log to verify the trustworthiness of the remote instance.

Verification of the remote instance

Verification process of the Cosmian VM is performed using client CLI cosmian_vm which will check:

  • IMA (Integrity Measurement Architecture) measurement log with the list of executable and configuration file’s hash digest, to be compared against the snapshot
  • TPM (Trusted Platform Module) attestation of the IMA measurement log
  • TEE (Trusted Execution Environment) trustworthiness to ensure the instance is running on secure hardware using encrypted memory

simple verification flow

detailed verification flow

Cloud providers support

Cosmian VM already supports AMD SEV-SNP and Intel TDX but it might depend on the cloud provider.

Here is a list of compatibility as of March 2024:

GCP Azure AWS
TDX Ubuntu 22.04 Ubuntu 22.04 (soon) Not supported
SEV Ubuntu 22.04
RHEL 9		 Ubuntu 22.04 (soon) Ubuntu 22.04 (soon)

© Copyright 2018-2024 Cosmian. All rights reserved.