Trusty System
Secure Boot
Secure boot checks the integrity of each component (driver loader, kernel, and kernel driver) during device startup. This prevents the security threats to the system and user data that arise from loading and running unauthenticated components.
Secure boot is a feature of the Unified Extensible Firmware Interface (UEFI) that requires all low-level firmware and software components to be verified before they are loaded. During the boot process, UEFI secure boot checks the signature of each piece of boot software, including UEFI firmware drivers (also called option ROMs), Extensible Firmware Interface (EFI) applications, OS drivers, and binary files. If the signature is valid or recognized by the original equipment manufacturer (OEM), the device boots and the firmware hands control over to the OS.
- After secure boot is enabled, the system verifies component integrity during startup. Enabling it does not affect services.
- After secure boot is disabled, the system does not verify component integrity during startup. Disabling it does not affect services.
For details, see Configuring Secure Boot for an ECS.
TPM
QingTian TPM is a virtual device that complies with the TPM 2.0 specifications. QingTian TPM can be used as the root of trust of an ECS to build a trust chain that covers system boot and user-specified applications and implement remote attestation. In addition, QingTian TPM can securely store tenant identity authentication data, such as passwords, certificates, and encryption keys. QingTian TPM can generate keys and use them for cryptographic functions, such as hashing, signing, encryption, and decryption.
QingTian TPM provides measured boot. During the process, the bootloader and OS compute a cryptographic hash of each boot binary and extend the Platform Configuration Registers (PCRs) of QingTian TPM with it, so that each PCR value depends on the previous value and the new measurement. With measured boot, you can obtain signed PCR values from QingTian TPM and use them to prove the integrity of an instance's boot software to a remote entity. This is called remote attestation.
With QingTian TPM, keys and secrets can be bound to specific PCR values so that they can never be accessed if the PCR values, and therefore the instance's integrity, change. This special form of conditional access is called sealing and unsealing. OS technologies, such as BitLocker, can use QingTian TPM to seal drive decryption keys so that drives can only be decrypted when the OS has booted correctly and is in a known good state.
For details, see Configuring QingTian TPM for an ECS.
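The three mechanisms described above (PCR extension during measured boot, a signed quote for remote attestation, and sealing a secret to PCR values) are modelled below as an added, self-contained example. This is not QingTian's or any real TPM's code: the hash chain PCR_new = SHA-256(PCR_old || measurement) is the genuine TPM 2.0 extend rule, but the quote signature and the sealing wrap are HMAC-based stand-ins for the TPM's attestation key and storage hierarchy, and the boot components, keys and PCR indices are constructed sample values.

```python
"""Toy model of measured boot, remote attestation and PCR-bound sealing.

Added example, not QingTian's or any TPM vendor's code. The extend rule
is the real TPM 2.0 one; quote signing and the sealing wrap use HMAC as
stand-ins for the TPM's attestation key and storage root key.
"""
import hashlib
import hmac

PCR_LEN = 32    # SHA-256 PCR bank
NUM_PCRS = 24   # TPM 2.0 platforms expose PCR 0-23


def reset_pcrs():
    """All PCRs in the SHA-256 bank start as zeros after a TPM reset."""
    return [bytes(PCR_LEN)] * NUM_PCRS


def extend(pcr, measurement):
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components):
    """Measure (pcr_index, binary) pairs as the bootloader and OS would.

    Returns the resulting PCR bank and an event log of (index, digest)
    entries that a verifier can replay.
    """
    pcrs = reset_pcrs()
    event_log = []
    for idx, binary in components:
        digest = hashlib.sha256(binary).digest()
        pcrs[idx] = extend(pcrs[idx], digest)
        event_log.append((idx, digest))
    return pcrs, event_log


def replay_event_log(event_log):
    """Verifier side: recompute PCRs from the log; they must match the quote."""
    pcrs = reset_pcrs()
    for idx, digest in event_log:
        pcrs[idx] = extend(pcrs[idx], digest)
    return pcrs


def quote(pcrs, indices, nonce, attestation_key):
    """Stand-in for TPM2_Quote: bind selected PCRs and the verifier's nonce."""
    selected = b"".join(pcrs[i] for i in indices)
    msg = bytes(indices) + nonce + selected
    sig = hmac.new(attestation_key, msg, hashlib.sha256).digest()
    return {"indices": list(indices), "nonce": nonce, "pcrs": selected, "sig": sig}


def verify_quote(q, nonce, attestation_key, expected_pcrs):
    """Remote entity: check freshness, signature, then PCR values against policy."""
    if q["nonce"] != nonce:          # replayed quote
        return False
    msg = bytes(q["indices"]) + q["nonce"] + q["pcrs"]
    mac = hmac.new(attestation_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, q["sig"]):
        return False
    expected = b"".join(expected_pcrs[i] for i in q["indices"])
    return hmac.compare_digest(q["pcrs"], expected)


def policy_digest(pcrs, indices):
    """Digest of the PCR selection a sealed object is bound to."""
    return hashlib.sha256(bytes(indices) + b"".join(pcrs[i] for i in indices)).digest()


def _keystream(key, length):
    """HMAC counter mode; a stand-in for the TPM's symmetric wrap."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(secret, pcrs, indices, storage_key):
    """Bind secret to the current values of the selected PCRs."""
    policy = policy_digest(pcrs, indices)
    wrap_key = hmac.new(storage_key, policy, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(wrap_key, len(secret))))
    tag = hmac.new(wrap_key, ct, hashlib.sha256).digest()
    return {"indices": list(indices), "policy": policy, "ct": ct, "tag": tag}


def unseal(blob, pcrs, storage_key):
    """Release the secret only if the PCRs still match the sealing policy."""
    policy = policy_digest(pcrs, blob["indices"])
    if not hmac.compare_digest(policy, blob["policy"]):
        raise PermissionError("PCR values do not match the sealing policy")
    wrap_key = hmac.new(storage_key, policy, hashlib.sha256).digest()
    tag = hmac.new(wrap_key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise PermissionError("sealed blob has been tampered with")
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(wrap_key, len(blob["ct"]))))


# Constructed sample boot chains (placeholder bytes, not real binaries).
GOOD_BOOT = [(0, b"firmware v1"), (4, b"bootloader v1"), (8, b"kernel v1")]
TAMPERED_BOOT = [(0, b"firmware v1"), (4, b"bootloader v1"), (8, b"kernel v1 + rootkit")]
```

A verifier that holds the expected PCR values for a known-good image can call `verify_quote` with a fresh nonce; a changed kernel alters PCR 8 and every later extension of it, so both the quote check and `unseal` fail, which is exactly the behaviour the BitLocker scenario relies on.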
Enclave
- QingTian Enclave instances are secure, isolated virtual machines (VMs) built on the QingTian architecture. The instance that owns a QingTian Enclave instance is called the parent instance. QingTian Enclave instances are completely independent VMs with no persistent storage, interactive access, or external networking. They communicate with the parent instance only through a secure local channel called vsock. Even the root user of the parent instance cannot access or SSH into a QingTian Enclave instance.
- The QingTian Hypervisor isolates the vCPUs and memory of QingTian Enclave instances from the parent instance, providing an isolated environment and greatly reducing the attack surface. QingTian Enclave helps you protect sensitive core data and applications and strengthens the security of the services you run inside QingTian Enclave instances.
For details, see What Is QingTian Enclave?
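Because the parent instance reaches the enclave only over vsock, an application is typically split into a client in the parent and a server in the enclave. The following added example sketches that exchange with a length-prefixed JSON framing; it is not QingTian's code, the enclave CID and port are constructed placeholders (a real CID is assigned when the enclave is launched), the request handler is hypothetical, and `AF_VSOCK` sockets exist only on Linux hosts that provide the vsock transport.

```python
"""Parent-to-enclave request/response over vsock (added example).

Not QingTian's code. Assumes a hypothetical enclave application that
listens on a vsock port and answers length-prefixed JSON requests.
"""
import json
import socket
import struct

ENCLAVE_CID = 16      # placeholder: the enclave's context ID, assigned at launch
ENCLAVE_PORT = 5000   # placeholder: port chosen by the enclave application
HEADER = struct.Struct(">I")   # 4-byte big-endian body length
MAX_BODY = 1 << 20             # refuse oversize frames before allocating them


def encode_frame(payload):
    """Serialize a dict as <len><utf-8 json>."""
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_BODY:
        raise ValueError("frame body too large")
    return HEADER.pack(len(body)) + body


def decode_frame(frame):
    """Inverse of encode_frame, validating the header and length."""
    if len(frame) < HEADER.size:
        raise ValueError("truncated header")
    (length,) = HEADER.unpack_from(frame)
    if length > MAX_BODY or len(frame) != HEADER.size + length:
        raise ValueError("bad frame length")
    return json.loads(frame[HEADER.size:].decode("utf-8"))


def recv_exact(sock, n):
    """Read exactly n bytes or raise; stream sockets may return short reads."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the channel")
        buf.extend(chunk)
    return bytes(buf)


def send_frame(sock, payload):
    sock.sendall(encode_frame(payload))


def recv_frame(sock):
    header = recv_exact(sock, HEADER.size)
    (length,) = HEADER.unpack(header)
    if length > MAX_BODY:
        raise ValueError("peer announced an oversize frame")
    return decode_frame(header + recv_exact(sock, length))


def enclave_request(payload, cid=ENCLAVE_CID, port=ENCLAVE_PORT, timeout=5.0):
    """Parent side: one request over vsock to the enclave."""
    if not hasattr(socket, "AF_VSOCK"):
        raise OSError("vsock is not available on this host")
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((cid, port))
        send_frame(s, payload)
        return recv_frame(s)


def serve_forever(handler, port=ENCLAVE_PORT):
    """Enclave side: answer one framed request per connection.

    handler(peer_cid, request) -> response dict. The peer CID lets the
    enclave reject callers other than its parent.
    """
    if not hasattr(socket, "AF_VSOCK"):
        raise OSError("vsock is not available on this host")
    cid_any = getattr(socket, "VMADDR_CID_ANY", 0xFFFFFFFF)
    with socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM) as srv:
        srv.bind((cid_any, port))
        srv.listen()
        while True:
            conn, (peer_cid, _) = srv.accept()
            with conn:
                send_frame(conn, handler(peer_cid, recv_frame(conn)))
```

The framing functions are independent of the transport, so they can be exercised on an ordinary `socket.socketpair()` during development and swapped onto vsock unchanged; the enclave-side handler should use the peer CID reported by `accept()` to make sure it only serves its parent instance.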