Attestable Software Versioning for Stateful Confidential Computing

Trusted execution environments enable the creation of confidential and attestable enclaves that exclude the platform and service providers from the trusted base. From its initial attestable state, a stateful enclave such as a confidential database can hold confidential information in memory or use an enclave-specific secret seed to encrypt it on disk. The attestation logic is bound to a unique software version, and does not provide a mechanism to upgrade software version. We propose attestable software versioning to ensure the trust-worthy software migration of stateful enclaves in the context of an untrusted service operator. Attestable software versioning relies on extended attestation, a two-steps hashing process for measurement validation of an enclave extended with its complete software lineage, which further restricts migration to white-listed software versions. Enclaves rely on mutual local or remote extended attestation during the software upgrade; client program use remote extended attestation to determine the software lineage decisions made by the untrusted service operator. The mechanism enables a full separation of roles and responsibilities between software editors, which cannot access data, and untrusted platform operators, who trigger attestable software upgrades.