
Elastic Compute Service:Encrypt cloud disks attached to confidential computing-capable ECS instances

Last Updated: Jun 17, 2025

On Elastic Compute Service (ECS) instances that support confidential computing, the data processed by confidential computing applications is protected by register and memory encryption. However, program code and the data it processes are usually stored unencrypted on cloud disks. To close this gap, you can encrypt the data on cloud disks from inside the instance by using mechanisms such as Linux Unified Key Setup (LUKS) and BitLocker. This ensures that data is encrypted independently of Alibaba Cloud before it leaves the security boundary of the instance, and that you manage the encryption keys of the cloud disks yourself. This topic describes how to encrypt cloud disks attached to a confidential computing-capable ECS instance to enhance security. In this topic, an encrypted cloud disk attached to a confidential computing-capable ECS instance is referred to as a confidential cloud disk.

Note

To encrypt cloud disks on ECS instances that do not support confidential computing, we recommend that you use the disk encryption feature provided by Alibaba Cloud Elastic Block Storage (EBS).

Encryption overview

How encryption works

Confidential cloud disks provide block storage-level data encryption and protection based on the LUKS2 technology of Linux. To create a confidential cloud disk based on a cloud disk attached to a confidential computing-capable ECS instance, perform the following operations:

  • Initialization: Identify the block device you want to initialize, which is a partition of the underlying cloud disk. In this topic, the block device is called a volume. Use the Cryptpilot tool to initialize the selected volume; confidential data is stored in the volume in subsequent steps.

    Important

    During initialization, the original data on the block device is erased. Proceed with caution to prevent accidental operations.

  • Open: Use Cryptpilot to open the initialized volume. A new virtual block device is created on the ECS instance. Data written to the virtual block device is encrypted and stored in ciphertext on the underlying cloud disk. When the encrypted data is read from the virtual block device, it is automatically decrypted. The encryption and decryption take place in the Linux kernel, which can effectively prevent plaintext leaks.


Encryption algorithm

The encryption of confidential cloud disks uses a key encryption key (KEK) and a master key (device unique key).

  • During initialization, a master key is generated from a cryptographically secure random number generator. This key directly encrypts the data by using the industry-standard 256-bit Advanced Encryption Standard (AES) algorithm. You provide a passphrase as the secret that protects the master key. Initialization derives a KEK from the secret by using a key derivation algorithm and uses the KEK to encrypt (wrap) the master key.

  • When you open a volume, the KEK is derived again from the provided secret and used to decrypt (unwrap) the master key, which in turn decrypts the confidential data. Encryption and decryption can be accelerated by the hardware AES capability of a confidential computing-capable ECS instance, which reduces the performance overhead of encryption.

Secret storage methods

Confidential cloud disks support the following methods to store secrets. We recommend that you configure the secret information required for opening a volume in advance. This eliminates the need to enter the secret information when the associated ECS instance is started.

  • One Time Password (OTP): automatically generates a secure temporary secret and initializes the volume with it each time the volume is opened. You do not need to initialize the volume separately.

    Important

    A different secret is generated each time the volume is opened. OTP is ideal for temporary data disks or swap partition scenarios. You cannot store confidential data that requires persistence after the ECS instance is shut down on this type of volume.

  • Key Management Service (KMS): stores secrets in Alibaba Cloud KMS. You must configure KMS access information on the ECS instance. When the volume is opened, the ECS instance automatically accesses Alibaba Cloud KMS to obtain the secret used to encrypt and decrypt data in the volume. This method is ideal for confidential data that requires persistence.

Integrity support

In addition to preventing unauthorized access to and disclosure of confidential data, you must prevent attackers from tampering with confidential data in specific scenarios, such as the storage of Large Language Model (LLM) weights and training datasets. Confidential cloud disks provide data integrity support by using the authenticated encryption with associated data (AEAD) encryption mode.

Considerations

  • You can encrypt only data disks that are attached to ECS instances that support Trust Domain Extensions (TDX) confidential computing or heterogeneous confidential computing.

  • Rolling back a cloud disk to an earlier state does not violate data integrity or confidentiality, because the earlier data was also validly encrypted and authenticated. Therefore, the confidential cloud disk solution cannot detect such rollback (replay) attacks. To address this, we recommend that you check data versions at the application level based on your security requirements.

Procedure

Step 1: Prepare the environment

  1. Create a confidential computing-capable ECS instance.

  2. Connect to the confidential computing-capable ECS instance.

    For more information, see Use Workbench to connect to a Linux instance over SSH.

  3. Install Cryptpilot.

    sudo yum install -y cryptpilot
  4. Check the Cryptpilot version.

    cryptpilot --version


Step 2: Create and attach a cloud disk

Important

Encrypting an existing cloud disk erases the original data on the disk. We recommend that you create a new data disk to perform operations.

  1. Create an empty data disk.

  2. Attach the data disk to the ECS instance.

  3. Initialize the data disk.

    When you initialize the data disk, create only partitions and file systems and do not mount file systems on the disk. Encrypt the data disk before you mount file systems on the disk.

  4. View the disk and partition information of the ECS instance.

    lsblk

    The following command output indicates that two cloud disks are attached to the ECS instance.

    • /dev/nvme0n1: the system disk.

    • /dev/nvme1n1: the created data disk with two empty partitions, which are /dev/nvme1n1p1 and /dev/nvme1n1p2.


Step 3: Create a volume with an Ext4 file system

  • Closing a temporary volume erases the confidential data in the volume. Temporary volumes are ideal for temporary data disks or swap partition scenarios.

  • A persistent volume retains confidential data after it is closed. Persistent volumes are ideal for confidential data that requires persistence.

Create a temporary volume with an Ext4 file system

  1. Create and configure the /etc/cryptpilot/volumes/data0.toml file.

    Note

    The configuration file is in the Tom's Obvious Minimal Language (TOML) format. Its name uses the .toml suffix and can be different from the volume name.

    Modify the following configurations in the configuration file based on your business requirements:

    sudo bash -c 'cat > /etc/cryptpilot/volumes/data0.toml << EOF
    # Volume configurations.
    dev = "/dev/nvme1n1p1"    # Specify the block device you want to use, which is an empty partition of the cloud disk. In this example, /dev/nvme1n1p1 is used. 
    volume = "data0"          # Specify the volume name. In this example, data0 is used. 
    auto_open = false         # Specify whether to automatically open the volume on system startup. true means that the volume is automatically opened on system startup, while false means that manual opening is required. 
    makefs = "ext4"           # Specify the type of the file system you want to create. In this example, Ext4 is used. 
    integrity = true          # Specify whether to enable data integrity support. true means that data integrity support is enabled, while false means that it is disabled. 
    
    # Secret configurations.
    [encrypt.otp]             # Specify the secret storage method. In this example, OTP is used. 
    EOF'
  2. View the volume status.

    sudo cryptpilot show

    You can view the configuration information of the data0 volume.

    • Initialized column: indicates that the volume does not need initialization because OTP is used.

    • Opened column: indicates that the volume is not opened.


  3. Open the volume and view the volume status.

    1. Open the volume.

      sudo cryptpilot open data0


    2. View the volume status.

      sudo cryptpilot show

      In the following command output, True is displayed in the Opened column, which indicates that the volume is opened.


    3. Check the virtual block device corresponding to the volume.

      sudo file -Ls /dev/mapper/data0

      After the volume is opened, a virtual block device is created at /dev/mapper/<Volume name>.


  4. Mount the file system of the volume and view the mounting result.

    1. Mount the data0 volume to the /mnt/ directory.

      sudo mkdir -p /mnt/data0
      sudo mount -t ext4 /dev/mapper/data0 /mnt/data0
    2. View the mounting result.

      mount | grep data0
      ls -la /mnt/data0/

      The following command output indicates that the volume is mounted and contains an empty Ext4 file system.


  5. Close the volume.

    Important
    • In this example, OTP is used. After the volume is closed, all confidential data stored in the volume is lost.

    • Before you close the volume, stop the business processes that read data from and write data to the volume and unmount the file system of the volume to ensure that the volume is not occupied.

    1. Unmount the file system of the volume.

      sudo umount /mnt/data0
    2. Close the volume.

      sudo cryptpilot close data0


    3. View the volume status.

      sudo cryptpilot show

      The following command output indicates that the volume is closed.


Create a persistent volume with an Ext4 file system

  1. Run the following commands in a secure environment to generate a random Base64-encoded secret for volume encryption:

    sudo yum install -y coreutils
    head -c 256 /dev/urandom | base64 -w 0

    Save the generated secret.


  2. Create an Alibaba Cloud KMS instance and a generic secret.

    1. Purchase and enable a KMS instance.

      Note
      • You can select a key management type for the KMS instance based on your security requirements. In this example, Software Key Management is selected.

      • The KMS instance must be in the same virtual private cloud (VPC) as the ECS instance.

    2. Create a software-protected key.

    3. Create a generic secret.

      • Secret Name: Enter a name for the generic secret. In this example, confidential_cloud_disk_passphrase is used.

      • Secret Value: Select Plain Text and enter the Base64-encoded secret generated in the previous step.

      • CMK: Select the software-protected key created in the previous step.


    4. Create an application access point (AAP) and obtain the certificate authority (CA) certificate of the KMS instance.

      Make sure that you obtain the following information:

      • Application Access Secret (ClientKeyContent): By default, this information is saved in a file named in the clientKey_****.json format.

      • Password (ClientKeyPassword): By default, this information is saved in a file named in the clientKey_****_Password.txt format.

      • CA certificate of the KMS instance: By default, the CA certificate is downloaded to a file named in the PrivateKmsCA_kst-******.pem format.

  3. Create and configure the /etc/cryptpilot/volumes/data1.toml file.

    1. Create the /etc/cryptpilot/volumes/data1.toml file.

    2. Configure the file.

      Note

      The configuration file is in the TOML format. Its name uses the .toml suffix and can be different from the volume name.

      Modify the following configurations in the configuration file as needed:

      # Volume configurations.
      dev = "/dev/nvme1n1p2"        # Specify the block device you want to use, which is an empty partition of the cloud disk. In this example, /dev/nvme1n1p2 is used. 
      volume = "data1"              # Specify the volume name. In this example, data1 is used. 
      auto_open = false             # Specify whether to automatically open the volume on system startup. true means that the volume is automatically opened on system startup, while false means that manual opening is required. 
      makefs = "ext4"               # Specify the type of the file system you want to create. In this example, Ext4 is used. 
      integrity = true              # Specify whether to enable data integrity support. true means that data integrity support is enabled, while false means that it is disabled. 
      
      # Secret configurations.
      [encrypt.kms]                 # Specify the secret storage method. In this example, KMS is used. 
      secret_name = "confidential_cloud_disk_passphrase"   # The name of the generic secret stored on the KMS instance. In this example, confidential_cloud_disk_passphrase is used. 
      # The content in the Application Access Secret (ClientKeyContent) file, which is named in the clientKey_****.json format.
      client_key = '''
      {
        "KeyId": "KAAP.b183152a-c3bf-43ae-9399-a101607b****",
        "PrivateKeyData": "MIIJ0wIBAzCCCZ8GCSqGSIb3DQE****"
      }
      '''
      client_key_password = "258372e962f5204ce648bc66243f****"    # The content in the Password (ClientKeyPassword) file, which is named in the clientKey_****_Password.txt format.
      kms_instance_id = "kst-bjj67d004a85ykq80****"               # The ID of the KMS instance.
      # The content in the CA certificate file of the KMS instance. The file is named in the PrivateKmsCA_kst-******.pem format.
      kms_cert_pem = """
      -----BEGIN CERTIFICATE-----
      MIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMH****
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIID3zCCAsegAwIBAgIJAO8qnQyTy8/kMA0GCSqGSIb3DQEBCwUAMH****
      -----END CERTIFICATE-----
      """
  4. View the volume status.

    sudo cryptpilot show

    You can view the configuration information of the data1 volume.

    • Initialized column: indicates that the volume is not initialized.

    • Opened column: indicates that the volume is not opened.


  5. Initialize the volume and view the volume status.

    1. Initialize the volume.

      sudo cryptpilot init data1
    2. View the volume status.

      sudo cryptpilot show

      In the following command output, True is displayed in the Initialized column, which indicates that the volume is initialized.


  6. Open the volume and view the volume status.

    1. Open the volume.

      sudo cryptpilot open data1


    2. View the volume status.

      sudo cryptpilot show

      In the following command output, True is displayed in the Opened column, which indicates that the volume is opened.


    3. Check the virtual block device corresponding to the volume.

      sudo file -Ls /dev/mapper/data1

      After the volume is opened, a virtual block device is created at /dev/mapper/<Volume name>.


  7. Mount the file system of the volume and write data to the file system.

    Mount the data1 volume to the /mnt/ directory and create the /mnt/data1/data.txt file to represent confidential data.

    sudo mkdir -p /mnt/data1
    sudo mount -t ext4 /dev/mapper/data1 /mnt/data1
    echo "secret data" | sudo tee /mnt/data1/data.txt > /dev/null
  8. Close and reopen the volume to check the data you wrote to the volume.

    Important
    • In this example, the KMS storage method is used. After the volume is closed, no confidential data stored in the volume is lost.

    • Before you close the volume, stop the business processes that read data from and write data to the volume and unmount the file system of the volume to ensure that the volume is not occupied.

    1. Unmount the file system of the volume and close the volume.

      sudo umount /mnt/data1
      sudo cryptpilot close data1
    2. Reopen the volume, mount the file system of the volume, and then access files in the volume.

      sudo cryptpilot open data1
      sudo mount -t ext4 /dev/mapper/data1 /mnt/data1
      cat /mnt/data1/data.txt

      You can find that the previously written data still exists, which verifies the persistent storage capability of the volume.

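Writing the [encrypt.kms] section of data1.toml by hand means pasting the multi-line contents of the clientKey_****.json and PrivateKmsCA_kst-******.pem files into TOML string literals. The following helper, added here as an example and not part of the Alibaba Cloud page or of Cryptpilot, assembles the volume configuration directly from the three files downloaded when the AAP was created (Step 2 and Step 3 above) and rejects inputs that would produce an invalid file. The function name, its parameters and the sample files in the test are assumptions; the TOML keys match the page.

```shell
# Added example (not Cryptpilot's own tooling): build a KMS-backed volume
# configuration file from the AAP files, so the JSON and PEM contents are
# copied verbatim instead of being pasted by hand. Run as root when writing
# to /etc/cryptpilot/volumes/.
#
# Usage: make_kms_volume_toml VOLUME DEV SECRET_NAME KMS_INSTANCE_ID \
#            CLIENT_KEY_JSON CLIENT_KEY_PASSWORD_FILE KMS_CA_PEM OUT_TOML
make_kms_volume_toml() {
    volume="$1"; dev="$2"; secret_name="$3"; kms_instance_id="$4"
    client_key_json="$5"; password_file="$6"; ca_pem="$7"; out="$8"

    # Every input must be readable now; a missing file would otherwise
    # surface only when `cryptpilot open` tries to contact KMS.
    for f in "$client_key_json" "$password_file" "$ca_pem"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # client_key is a TOML literal string ('''...'''), which takes the JSON
    # as-is, so a file containing ''' would terminate the string early.
    if grep -q "'''" "$client_key_json"; then
        echo "client key JSON contains ''' and cannot be embedded" >&2
        return 1
    fi
    # The CA bundle must hold at least one PEM certificate block.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_pem" || {
        echo "$ca_pem does not look like a PEM certificate bundle" >&2
        return 1
    }

    # The password goes into a TOML basic string, so it must not contain
    # characters that would need escaping there.
    password=$(tr -d '\r\n' < "$password_file")   # drop the trailing newline
    if printf '%s' "$password" | grep -q '["\\]'; then
        echo "password contains a quote or backslash; escape it manually" >&2
        return 1
    fi

    {
        echo '# Volume configurations.'
        echo "dev = \"$dev\""
        echo "volume = \"$volume\""
        echo 'auto_open = false'
        echo 'makefs = "ext4"'
        echo 'integrity = true'
        echo
        echo '# Secret configurations.'
        echo '[encrypt.kms]'
        echo "secret_name = \"$secret_name\""
        echo "kms_instance_id = \"$kms_instance_id\""
        echo "client_key_password = \"$password\""
        echo "client_key = '''"
        cat "$client_key_json"
        echo "'''"
        echo 'kms_cert_pem = """'
        cat "$ca_pem"
        echo '"""'
    } > "$out"
    # The file now contains the AAP secret; keep it readable by the owner only.
    chmod 600 "$out"
}
```

After generating the file, `sudo cryptpilot show` should list the volume as not initialized and not opened, exactly as in sub-step 4 above.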

Step 4: Configure the ECS instance to automatically open the volume on instance startup

  1. Modify the configuration file of the volume.

    To automatically open the volume on instance startup, change the value of the auto_open field in the configuration file to true.


  2. (Persistent volumes only) Before you configure the ECS instance to automatically open a persistent volume on instance startup, you must manually initialize the volume by running the sudo cryptpilot init <Volume name> command. Temporary (OTP) volumes do not need this step.

  3. Start Cryptpilot and configure it to automatically run on system startup.

    Important

    Each time you modify the Cryptpilot configurations, you must start Cryptpilot and configure it to automatically run on system startup to ensure that the Volume Auto-open feature takes effect.

    sudo systemctl enable --now cryptpilot.service
  4. Restart the ECS instance in the ECS console.

  5. View the volume status.

    sudo cryptpilot show

    The following command output indicates that the volume is automatically opened.


Cryptpilot configurations

By default, the following configuration files of Cryptpilot are stored in the /etc/cryptpilot/ directory:

  • Global configuration: The default path is /etc/cryptpilot/global.toml.

    # Configuration related to cryptpilot boot service.
    [boot]
    # Enable this option if you want to see more log when running cryptpilot boot service in initrd stage and in system stage.
    verbose = false
  • Volume configuration: The default path is /etc/cryptpilot/volumes/. Each volume corresponds to a configuration file.

    • Secret storage type: OTP

      # The name of the resulting volume with decrypted data, which will be set up below `/dev/mapper/`.
      volume = "data0"
      # The path to the underlying encrypted device.
      dev = "/dev/nvme1n1p1"
      # Whether or not to open the LUKS2 device and set up mapping during booting. The default value is false.
      auto_open = true
      # The file system to initialize on the volume. Allowed values are ["swap", "ext4", "xfs", "vfat"]. If it is not specified, or the device is not "empty", i.e. it contains any signature, the operation will be skipped.
      makefs = "ext4"
      # Whether or not to enable support for data integrity. The default value is false. Note that integrity cannot prevent a replay (rollback) attack.
      integrity = true
      
      # One Time Password (Temporary volume)
      [encrypt.otp]
    • Secret storage type: KMS

      # The name of the resulting volume with decrypted data, which will be set up below `/dev/mapper/`.
      volume = "data0"
      # The path to the underlying encrypted device.
      dev = "/dev/nvme1n1p1"
      # Whether or not to open the LUKS2 device and set up mapping during booting. The default value is false.
      auto_open = true
      # The file system to initialize on the volume. Allowed values are ["swap", "ext4", "xfs", "vfat"]. If it is not specified, or the device is not "empty", i.e. it contains any signature, the operation will be skipped.
      makefs = "ext4"
      # Whether or not to enable support for data integrity. The default value is false. Note that integrity cannot prevent a replay (rollback) attack.
      integrity = true
      
      # Aliyun KMS
      [encrypt.kms]
      # The id of KMS instance
      kms_instance_id = "kst-XXXXXXXXX"
      # The name of the secret stored in the KMS instance.
      secret_name = "XXXXXXXXX"
      # Content of the clientKey_****.json file.
      client_key = '''
      {
        "KeyId": "KAAP.XXXXXXXXX",
        "PrivateKeyData": "XXXXXXXXX"
      }'''
      # Content of the clientKey_****_Password.txt file.
      client_key_password = "XXXXXXXXX"
      # The CA cert of the KMS (the content of PrivateKmsCA_kst-******.pem file).
      kms_cert_pem = """
      -----BEGIN CERTIFICATE-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END CERTIFICATE-----
      """