Awesome Confidential Computing

Collection of materials to help with the understanding of this fascinating technology.

Big Picture

Confidential computing protects your workload from unauthorised entities — the host or hypervisor, system administrators, service providers, other VMs, and processes on the host.

A Trusted Execution Environment (TEE) is at the heart of a confidential computing solution. TEEs are secure and isolated environments provided by confidential computing (CC) enabled hardware that prevents unauthorised access or modification of applications and data while in use

The following diagram provides a logical view of confidential computing solution. This can be used as a mental model to have a better understanding of the technology.

Source: Understanding a confidential computing solution

Overview

• Confidential Computing Overview and Use cases
• Process based and VM based TEEs

Hardware with CC support

• AMD SEV
• ARM TrustZone
• IBM Secure Execution
• IBM PEF
• Intel SGX
• Intel TDX

Operating System with CC support

• Linux support - SEV
• Linux support - SGX
• Linux support - TDX
• Linux support - PEF

CC Software Stack (Opensource)

• Apache Teaclave
• CNCF Confidential Containers
• Enarx
• Google Asylo
• Inclavare containers
• Libkrun
• Microsoft Confidential Consortium Framework
• MarbleRun
• Occulum library OS
• Openenclave SDK
• Veracruz

Attestation

• Remote Attestation Procedures Architecture
• Comparing Attestation Process across different silicon vendors
• Understanding Attestation Process
• Azure attestation service

Products and Offerings

• AWS Confidential Computing Offerings
• Azure Confidential Computing Offerings
• Google Confidential Computing Offerings
• IBMCloud Confidential Computing Offerings
• ISV Offerings

Misc

• Intel Confidential Computing Zoo
• Awesome SGX Opensource
• Awesome SGX