How HaiGuang CSV Powers Secure Confidential Containers in Longxi 8.4

Longxi 8.4 now supports confidential containers built on HaiGuang's CSV technology, offering encrypted lifecycle, isolated compute resources, measurable startup, and remote attestation that together create a fully secure container environment integrated with Kata and Inclavare Containers.

Alibaba Cloud Developer

Through the collaboration between the Longxi community and HaiGuang, Longxi 8.4 officially supports confidential containers based on HaiGuang CSV technology, delivering a complete secure solution from image download to runtime.

CSV (Confidential Secure Virtualization) is HaiGuang's self‑developed security virtualization technology that uses national cryptographic algorithms. The CSV virtual machine encrypts memory writes and decrypts reads automatically in hardware, with each VM using a unique key.

1) Compute resources are isolated

HaiGuang CPUs use ASID (Address Space ID) to differentiate CSV VMs from the host, assigning each VM independent cache, TLB, and other CPU resources, ensuring isolation. Each VM has a distinct memory controller key managed by the HaiGuang security processor, so encrypted memory of one VM cannot be decrypted by the host or other VMs.

2) Startup process is measurable

The CSV VM startup is managed by the HaiGuang security processor. Users provide the VM image and its expected measurement value; the processor computes the actual measurement and compares it with the provided one. Only when they match does the VM start, preventing tampered images.

3) VM identity can be authenticated

Each HaiGuang CPU contains a unique chip key and a signed chip certificate. Users first verify the certificate signature to confirm that the chip is a legitimate HaiGuang part, then check the VM's attestation report (which carries the measurement, version and owner and is signed by the chip key) to confirm the VM's authenticity. Together these checks enable remote attestation.

The confidential container solution based on HaiGuang CSV combines Kata containers, CSV VMs, and Inclavare Containers. Kata creates a CSV VM as a trusted runtime, while the CSV VM’s remote attestation is merged with Inclavare’s RATS‑TLS. The attestation report, embedded in the TLS certificate, includes the TLS public key and a signature from the HaiGuang chip key, allowing users to verify that the container runs in a trusted CSV VM and that the TLS key is legitimate for secure communication.

Container images in the registry are encrypted. Verdictd manages the encryption keys; after verifying the CSV VM’s remote attestation report, Verdictd injects the image key into the CSV VM. The Kata agent inside the VM decrypts the image and runs the container, keeping all data—both at rest and in memory—encrypted throughout the container’s lifecycle.
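The verification chain described in the two paragraphs above (RATS-TLS binding of the report and Verdictd's key release), as an added Go example that is not the article's, Longxi's or Inclavare's code: a simplified relying-party check that the chip certificate chains to a vendor CA, that the chip key signed the report, that the measurement is the expected one and that the TLS public key is bound into the report, with the image key released only when every step passes. The report layout, Ed25519 standing in for the national cryptographic signature scheme, and the vendor CA are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Report models the fields the article names (measurement, version, owner) plus the TLS key hash RATS-TLS binds in.
type Report struct {
	Measurement, Owner, TLSKeyHash [32]byte
	Version                        uint8
	Sig                            []byte // signature by the chip key
}

func (r Report) signed() []byte { // bytes covered by the chip signature
	return append(append(append(append([]byte{}, r.Measurement[:]...), r.Version), r.Owner[:]...), r.TLSKeyHash[:]...)
}

type ChipCert struct { // chip public key plus the vendor CA's signature over it (assumed format)
	ChipPub ed25519.PublicKey
	Sig     []byte
}

// VerifyAndRelease runs the Verdictd-side checks in order; any failure releases nothing.
func VerifyAndRelease(ca ed25519.PublicKey, cert ChipCert, rep Report, tlsPub ed25519.PublicKey, expected [32]byte, imageKey []byte) ([]byte, error) {
	switch {
	case !ed25519.Verify(ca, cert.ChipPub, cert.Sig):
		return nil, errors.New("chip certificate not signed by vendor CA")
	case !ed25519.Verify(cert.ChipPub, rep.signed(), rep.Sig):
		return nil, errors.New("attestation report signature invalid")
	case rep.Measurement != expected:
		return nil, errors.New("measurement mismatch: not the expected guest image")
	case rep.TLSKeyHash != sha256.Sum256(tlsPub):
		return nil, errors.New("TLS public key not bound to the attestation report")
	}
	return imageKey, nil
}

// NewScenario builds a constructed chain (vendor CA -> chip key -> signed report with a fresh TLS key).
func NewScenario(measurement [32]byte) (ed25519.PublicKey, ChipCert, Report, ed25519.PublicKey) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	chipPub, chipPriv, _ := ed25519.GenerateKey(rand.Reader)
	tlsPub, _, _ := ed25519.GenerateKey(rand.Reader)
	cert := ChipCert{ChipPub: chipPub, Sig: ed25519.Sign(caPriv, chipPub)}
	rep := Report{Measurement: measurement, Version: 1, Owner: sha256.Sum256([]byte("tenant-a")), TLSKeyHash: sha256.Sum256(tlsPub)}
	rep.Sig = ed25519.Sign(chipPriv, rep.signed())
	return caPub, cert, rep, tlsPub
}
```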

Detailed documentation and operation guides are available in the Longxi Confidential Computing SIG; interested users are encouraged to try it out.

Longxi Cloud‑Native Confidential Computing SIG link: https://openanolis.cn/sig/coco

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
