This repository contains the literature research on the current state of Confidential Compute at Google Cloud Platform (GCP).
The goal of this document is to provide an overview of the Confidential Compute service and the Shielded VM offering provided by Google Cloud (GCP).
This document includes: (1) a description of the trust layers used by Google, (2) links to resources, (3) example code and (4) an explicit literature research into known vulnerabilities of the AMD EPYC CPU, which is the main hardware component of Google Confidential Compute.
The perspective of this analysis is to determine the level of decoupling that can be realized between you as a GCP user and Google as the Cloud Service Provider (CSP).
A common use case for this requirement is the processing of Personally Identifiable Information (PII) of EU citizens, which under the EU GDPR needs to be decoupled from parties under US law.
Topics discussed in this document are:
- GCP Titan (TPM)
- GCP Shielded VM (vTPM)
- GCP Confidential VM (TEE)
- GCP Integrity Monitoring
- GCP Organizational Policies
- GCP Combining Encryption
The goal is to have various Subject Matter Experts (SMEs) review
(1) this document and
(2) the Zotero reference library,
and to provide feedback, for example by adding issues in the GitHub tracker.
From a compliance viewpoint this is achieved by not including information from any of our clients or employers. In addition, the context within a company is very specific and unique, and therefore difficult to comment on for SMEs who do not know this context.
This analysis is documented in LaTeX, so that versioning and contribution can be facilitated via Git/GitHub, and it is open for everybody to contribute.
The Confidential Compute technology and the offerings at GCP are continuously updated, so this analysis should be continuously updated as well.
The content of this document is a (re-)mix of available public sources. The original authors are Maarten Baijs, Laurens Knoll and Edzo Botjes. This document includes references to these public sources. The license of this document is Creative Commons Attribution 4.0 (CC BY 4.0). This implies that everybody is free to use, adapt and change the content of this document, but needs to mention explicitly that this document is the source.
- References are part of the public Zotero reference group “confidential compute”.
- Zotero is an open source reference manager.
- Zotero has great support in academia, for example: Caltech University Library, APA-compatible reference tools, How to use Zotero in Google Docs.
- This document was maintained as a Google Document before but is now maintained on GitHub.
This repository contains examples from the blog post How to annoy your co-authors: a Gitlab CI pipeline for LaTeX.
This LaTeX pipeline uses Docker and GNU make together with latexmk in the texlive:latest container.
The texlive:latest container is updated weekly by the TeX Live organisation.
When you need to change the (advanced) settings, you can do this via the Makefile and latexmkrc files.
To render the PDF once:
make clean render
To keep compiling the PDF whenever the input files are updated:
make clean render LATEXMK_OPTIONS_EXTRA=-pvc
This runs the PDF viewer Evince, which refreshes automatically when the PDF is changed:
evince paper/latexmk/main.pdf
- Every sentence is around 7 words.
- After every '.' a newline (\n) in the source file.
- Every \cite or \citep on a new line (\n).
- When in landscape, images go to the right and text to the left.
- Language setting is US_EN.
- Figures have the label prefix 'fig:'.
- All figures should have transparent background color.
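A small lint script for the writing conventions above, as an added example (not part of this repository's pipeline). It checks three of the rules: one sentence per line (a '.' must end the line), every \cite or \citep on its own line, and short sentences; the 10-word threshold and the sample LaTeX lines are assumptions.

```python
"""Lint a LaTeX source file against the writing conventions listed above.

This is an added example for this README, not part of the repository's
build pipeline. It checks three of the conventions:
  1. every sentence is short (at most MAX_WORDS words),
  2. a '.' that ends a sentence is followed by a newline,
  3. every \\cite / \\citep starts its own line.
The word threshold and the sample text below are assumptions.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# "Around 7 words" is a guideline, so only clearly long sentences are flagged.
MAX_WORDS = 10

CITE_RE = re.compile(r"\\cite[pt]?\b")
# \command, optional *, optional [..], any number of {..} groups
COMMAND_RE = re.compile(r"\\[A-Za-z]+\*?(?:\[[^\]]*\])?(?:\{[^}]*\})*")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    text: str


def strip_commands(line: str) -> str:
    """Remove LaTeX commands so \\cite{key} and friends are not counted as words."""
    return COMMAND_RE.sub("", line)


def lint(source: str) -> list[Finding]:
    """Return one Finding per violated rule per line, in source order."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("%"):
            continue  # blank lines and comments carry no prose
        # rule 3: a citation may only appear at the start of its own line
        if any(m.start() != 0 for m in CITE_RE.finditer(line)):
            findings.append(Finding(lineno, "cite-not-on-own-line", line))
        prose = strip_commands(line).rstrip()
        # rule 2: a '.' before the last character means two sentences share a line
        # (abbreviations and decimals are flagged too; the convention is literal)
        if "." in prose[:-1]:
            findings.append(Finding(lineno, "period-not-at-line-end", line))
        # rule 1: with one sentence per line, the line's word count is the sentence length
        if len(prose.split()) > MAX_WORDS:
            findings.append(Finding(lineno, "sentence-too-long", line))
    return findings


# Constructed sample: lines 3 and 4 break the conventions on purpose.
SAMPLE = r"""Confidential VMs run on AMD EPYC CPUs.
\citep{amd_sev_snp}
The vTPM measures the boot chain. Integrity monitoring reports drift.
Shielded VMs add Secure Boot, a vTPM and integrity monitoring to a normal Compute Engine instance \citep{gcp_shielded}.
% comment lines are ignored, even with a . in them
"""


def main(argv: list[str]) -> int:
    """Lint the file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE
    findings = lint(source)
    for f in findings:
        print(f"line {f.line}: {f.rule}: {f.text}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python lint_conventions.py paper/main.tex` (file name assumed); a non-zero exit status makes it usable as a CI step before `make render`.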
- Update author information (org).
- Set up/reserve a DOI in Zenodo for this document.
- Move backlog to GitHub.
- Refactor gitlab-ci to GitHub Actions.
- Adjust the LaTeX template design based on Binx, based on Xebia.
- Rotate whitepaper to landscape.
- The Google font family is well supported in LaTeX, new and free to use.
- Currently this document uses the Noto font.
- The Noto font is part of the Google font family and has extensive math and Unicode support.
- Noto@google_font
- Notomath@utwente
- Noto@Overleaf
- Noto Sans@tug
\usepackage[sfdefault]{noto}
\usepackage[T1]{fontenc}
- "The elegant EB Garamond is a fantastic alternative for Times New Roman."
- EB Garamond@google_font
- EB Garamond@tug
\usepackage[cmintegrals,cmbraces]{newtxmath}
\usepackage{ebgaramond-maths}
\usepackage[T1]{fontenc}
- Merriweather is softer and more casual than Times New Roman, yet still distinguished.
- Merriweather@google_font
- Merriweather@tug
\usepackage{merriweather} %% Option 'black' gives heavier bold face
\usepackage[T1]{fontenc}
\usepackage[sfdefault]{roboto} %% Option 'sfdefault' only if the base font of the document is to be sans serif
\usepackage[T1]{fontenc}
- "The mission of the Scientific and Technical Information Exchange (STIX) font creation project is the preparation of a comprehensive set of fonts that serve the scientific and engineering community in the process from manuscript creation through final publication, both in electronic and print formats."
- stix2 homepage
- Stix2@tug
\usepackage[T1]{fontenc}
%\usepackage{stix2}