-
Feature
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
None
-
None
-
BU Product Work
-
False
-
None
-
False
-
KATA-2603Enhanced protection for data in-use (CoCo)
-
Not Selected
-
100% To Do, 0% In Progress, 0% Done
-
-
-
0
-
0
Feature Overview (aka. Goal Summary)
In CoCo, any components on the host is untrusted. Consequently the kata shim is untrusted and care should be taken to protect kata-agent from the kata shim.
This is made possible by agent policy which is in the VM TEE which defines the allowed operations for the kata-agent.
Goals (aka. expected user outcomes)
Any operation which is not explicitly allowed should be blocked by the kata-agent
Requirements (aka. Acceptance Criteria):
Kata agent policy integration
Ability to customise agent policy
Ensuring agent policy cannot be tampered with
References