When Celadon is running in a container or a virtual machine, the host OS must perform necessary security hardening and customization to make sure it can be treated as the TCB of Celadon. We recommend you harden the OS from the below side (not limited):
- OS integrity protection
- Enable secure boot. To ensure starting verification from the hardware back root of trust from the TPM and go all the way up to the system kernel.
- User space file protection. The host OS should leverage DM-verity, IMA/EVM, or any other solution to ensure the user space system file integrity to avoid a broken trust boot chain to Android*.
- Malicious software prevention. The host OS should provide a solution to prevent installation of any malicious software that could break the verified boot chain and prevent a performance run-time attack on the VM/container.
- Data encryption: TPM-backed FDE or FBE. Hardware-backed data encryption is required to protect the host data file confidentiality of the VM and container.
- Access control. Both DAC and MAC solution are required to protect the isolation of the VM and container. SELinux is used to harden the access to critical files. Some host operating systems don’t support SELinux. In this case, use AppArmor* or other equivalent technology.