SPIFFE is a framework to generate identities for software systems in dynamic and heterogeneous environments. SPIFFE Verifiable Identity Documents (SVIDs) enable us to be explicit about the trust we place in systems. However, the degree of trust we can place in SVIDs relies heavily on the soundness of the data gathering and verification process during node attestation.

This presentation introduces a novel approach to enhance the trust in SVIDs by leveraging confidential computing technologies, specifically Confidential Virtual Machines (CVMs) such as AMD SEV-SNP or Intel TDX. These technologies enable us to track platform information directly in hardware, including firmware, boot loader, and kernel images, which are then signed with a key rooted inside the CPU itself. By incorporating hardware-protected platform information directly into the SVID generation process, we can significantly enhance the confidence placed in the resulting identity documents. Additionally, consumers of these SVIDs will be able to assert these properties before placing trust in a system.

The presentation will provide an introduction to the realm of confidential computing, as well as provide an overview of SPIFFE/SPIRE, including the architecture of SPIRE agents and servers, the concept of workloads and SPIFFE SVIDs, and the role of node plugins in the attestation process. A practical example that integrates the AWS Instance Identity Document plugin with AMD SEV-SNP will be demonstrated, showcasing the implementation challenges and solutions.

Through this presentation, attendees will gain insights into how confidential computing technologies can bolster the security of critical systems in an untrusted cloud environment, paving the way for more robust and resilient infrastructure in modern computing environments.