Persisting Mutable Storage Inside The "T"EE

The debate centers around the optimal approach for managing storage devices and ensuring data integrity and security. One proposed solution emphasizes the use of Trusted Execution Environments (TEEs) to run signer code with ephemeral keys across multiple storage devices, thereby building resilience against the failure of several devices simultaneously. This method contrasts with a more conventional strategy that would simply rely on redundancy among the storage devices themselves.

A key advantage of the TEE-based scheme is its minimal operational complexity. The storage TEE program's duties are straightforward: validating requests from an authorized main program, reading and writing sectors, optionally copying sectors, and securely erasing sectors if necessary. This simplicity significantly reduces the need for updates or restarts, enhancing the system's overall uptime and reliability. Moreover, the storage TEE does not hold any private keys, which eliminates the risks associated with key management and potential side channel attacks on the TEE that might compromise those keys.

In scenarios where the main application must store keys and is concerned about potential side channel vulnerabilities in the TEE, encryption of the keys can be employed. This allows the main application to remain agile, capable of restarting and migrating to secure hardware without compromising the encrypted data's integrity. The architecture ensures that the main program operates statelessly with respect to private keys, except for the necessary one it manages, facilitating easy updates and maintenance while delegating the responsibility of trust to the operators overseeing software updates.

Furthermore, the storage model described guarantees high availability and security by decoupling storage operations from sensitive key management. Data stored on the TEE is effectively in "plaintext" from the perspective of the TEE, even though it is encrypted by the main program before storage. This design choice negates the need for establishing encrypted tunnels between the main program and the TEE for data storage, relying instead on cryptographic signatures to assure data integrity during transfer.

Additionally, the approach addresses concerns regarding rollback attacks by implementing remote hardware attestation during read operations. This ensures that the data returned in response to read requests is current and has not been tampered with. Options for disk encryption like LUKS or ZFS are suggested to further safeguard data, with the possibility of using standard tools for managing encryption keys and ensuring the integrity of stored data.

Overall, the argument posits that a TEE-based storage solution, characterized by its operational simplicity and separation from key management tasks, provides a robust framework for securing data in distributed storage systems. This method not only enhances security by minimizing exposure to side channel attacks but also offers a flexible and efficient mechanism for data encryption and access control, tailored to prevent data integrity issues and unauthorized access.