Yearly Archives

2024

CCC Newsletter - January 2024

Hello Community Member,

Welcome to the New Year. We’re excited to continue to connect with you and help drive innovation. You’ll hear from us on a monthly basis (at least) for any news and insightful information.

A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.

Without further ado, let’s get into the content.

CCC Presence in 2023

We wrapped up a busy year of growth and lots of activities. By bringing in the new Executive Director, Mike Bursell, along with our community members’ participation, we’ve increased our presence at industry conferences significantly.

You can hear from Mike in his blog about how his first year as ED at CCC has been and what he is looking to take on in 2024.

Technical Community

In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community. Our technical community made great strides on each of these. Our open-source project portfolio is wider and more mature. Outside of the CCC, we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.

Read Open Source Highlights

Welcome, Sal Kimmich

We’ve started the year off strongly with the addition of Sal Kimmich to the CCC staff team as Technical Community Advisor. Sal has lots of experience in open source communities and security, and is already shaking up what we’re doing (in a number of excellent ways). Expect to hear lots more from Sal. Read more on Sal.

What’s New…

  1. Newsletter: We’ll be bringing you more insightful news from all across the CCC horizon. We’re going to have a regular segment update covering TAC news, Outreach news, Member/ED news, and Project/TCA news.
  2. Outreach SIG: Outreach has new SIGs! In 2024, we’ll be upleveling the outreach efforts across these 4 main focus areas: Events, Web Presence, Technical Documents, and Demos. Each SIG has a lead and participating members to streamline the process. Join us in our bi-weekly Outreach Meeting to participate.
  3. New Look, New Presence: CCC Outreach brought in Linux Foundation’s Sr. Marketing PM, Jen Shelby, to make CCC’s external presence cohesive and organized. She’ll be working closely with our Web Presence SIG to improve our website, external publication, social, graphic design, and so much more.

Member Benefits: If you’re unclear about what you can get from participating in the CCC, check out the new benefits page on the website. We also want to encourage ecosystem growth, particularly around start-up participation. For any members, prospective members, or anyone with use cases for or interest in Confidential Computing who wants to get in touch, email Mike Bursell (ED) to see how we can help.

Upcoming Events

Take a look at our upcoming industry engagement and see where you and your team can participate.

  1. FOSDEM (Feb 3-4): CCC is hosting a social hour to support the Confidential Computing Devroom. Email Event SIG if you want to RSVP.
  2. State of Open Con (Feb 6-7): TCA Sal Kimmich is giving a talk.
  3. Rocky Mountain Cyberspace Summit (Feb 19): ED Mike Bursell is attending.
  4. PET EU (Feb 27-28): CCC is an Associate Partner and will host multiple sessions. 
  5. OC3 (Mar 13): CCC is hosting 15-min session.
  6. OSS NA (Apr 16-18): CCC is hosting a Mini-Summit.
  7. RSA (May 6-9): Come see us at the CCC booth. All member companies are welcome to collaborate with us. 
  8. CC Summit (Jun 5-6): CCC is co-hosting the conference.

For inquiries, please email the Events SIG.

Member Content

Enclaive.io: Enclaive.io cordially invites you to the public preview of the virtual Hardware Security Module (vHSM) – a breakthrough in key management for cloud environments. Leveraging advanced confidential compute and virtualization, Enclaive’s vHSMs offer unmatched scalability and flexibility, easily adapting to dynamic requirements in modern data centers. To sign up for the public preview, please contact the Enclaive team.

Industry Scoop

Fujitsu Strengthens Commitment to Secure Computing: Joins Confidential Computing Consortium as General Member

Fujitsu has strengthened its commitment to secure computing by joining the Confidential Computing Consortium as a General Member. The move reflects Fujitsu’s dedication to leading-edge technology and, as a global information and communication technology (ICT) leader, its recognition of security’s paramount importance in the digital age.

Through active participation in the consortium, Fujitsu becomes a key player in shaping the future of secure computing, collaborating with industry leaders to contribute expertise and resources to develop open-source technologies enhancing data security and privacy.

This membership marks a crucial step in Fujitsu’s journey to fortify data security, establishing itself as a secure and confidential computing leader alongside other industry leaders. As the consortium drives innovation, we anticipate transformative advancements, leading to a redefined data security landscape.

Confidential Computing Consortium unites industry leaders to advance confidential computing, focusing on secure data-in-use and safeguarding sensitive information during processing. Fujitsu’s alignment with like-minded organizations underscores its commitment to data security through open-source technologies.

Confidential computing introduces a paradigm shift in securing sensitive data, addressing the need to protect data during processing, in addition to traditional measures for data at rest and in transit. This approach ensures encryption and protection of sensitive information during active use.

The consortium provides a collaborative platform for members to share insights, expertise, and resources. Fujitsu’s involvement signifies a shared commitment to fostering innovation and driving advancements in confidential computing. As technology evolves, collaboration becomes crucial in addressing complex challenges and overcoming emerging threats.

Learn more about the Confidential Computing Consortium and how to get involved.

Read about other organizations who recently joined CCC.

NVIDIA

TikTok

Highlights from the Confidential Computing DevRoom at FOSDEM

By Sal Kimmich

The Confidential Computing DevRoom at FOSDEM brought together experts and enthusiasts to discuss and demystify the rapidly evolving field of Confidential Computing. The event was a melting pot of ideas, showcasing the latest advancements, practical applications, and the future direction of this technology.

Kickoff: Unveiling the Essence of Confidential Computing

The DevRoom opened with Fritz Alder, Jo Van Bulk, and Fabiano Fidencio welcoming attendees and setting the stage for the day’s discussions. They emphasized the importance of adhering to the Confidential Computing Consortium (CCC) definition, highlighting key properties such as data confidentiality, integrity, and code integrity. The conversation also touched on contextual properties like code confidentiality, authenticated launch, and attestability, underscoring the diversity in application needs and security requirements.

Intel TDX: A Leap Towards VM Isolation

Dr. Benny Fuhry took the stage to deep dive into Intel Trust Domain Extensions (TDX), presenting it as a groundbreaking approach to VM isolation. Intel TDX stands out by ensuring that each trust domain is encrypted with a unique key, a move aimed at mitigating Virtual Machine Monitor (VMM) attacks. With general availability announced alongside the 5th Gen Intel Xeon Scalable processors, Intel TDX is set to revolutionize memory confidentiality, integrity, and key management.

Watch this talk. 

SGX-STEP: Enhancing Side Channel Attack Resolution

The SGX-STEP presentation from Luca Wilke spotlighted innovative techniques to counteract side-channel attacks, still a concern in the realm of Confidential Computing. Through detailed explanations of single stepping, interrupt counting, and amplification, the speakers shed light on improving temporal resolution for side-channel attacks, presenting a clear path toward more secure environments that could be used in Confidential Computing and beyond. 

Watch this talk. 

Database Security: Bridging Confidential Computing and Data Storage

Ilaria Battiston and Lotte Felius delved into the integration of confidential computing with database systems, presenting their research on secure databases. They discussed the performance overhead of utilizing SGX with SQLite and PostgreSQL, emphasizing the trade-offs between security and efficiency with preliminary results. Their work on minimizing performance impacts through vectorized processing inside secure enclaves provided valuable insights for developers aiming to secure database operations.

Watch this talk. 

Ups and Downs of Running Enclaves in Production

Evervault’s presentation from Cian Butler highlighted their innovative solutions for data security and compliance, focusing on encryption proxies and secure serverless functions. They discussed the challenges of monitoring and observability within AWS Nitro enclaves, showcasing their efforts to enhance reliability and performance in secure computing environments.

Watch this talk. 

fTPM: Securing Embedded Systems

Tymoteusz Burak introduced the concept of fTPM implemented as a Trusted Application in ARM TrustZone, offering a compelling solution for enhancing the security of embedded systems. Despite challenges such as lack of secure storage and entropy sources, fTPM stands as a testament to the potential of leveraging Trusted Execution Environments (TEEs) for robust security measures.

Watch this talk.

Integrity Protected Workloads 

The presentation by Tom Dohrmann on Mushroom offered an insightful look into securing Linux workloads using AMD’s SEV-SNP technology. With a clear goal to run Linux programs securely, Mushroom addresses the critical need for integrity in remote code compilation on untrusted hosts. The architecture of Mushroom, built with a focus on minimalism and security, comprises a kernel and a supervisor, both developed in Rust, emphasizing efficiency and reduced host interaction. 

Watch this talk. 

Reproducible Builds For Confidential Computing

The talk by Malte Poll and Paul Meyer delved into a critical aspect of Confidential Computing: the validation of Trusted Computing Base (TCB) measurements through remote attestation and the importance of reproducible builds in this process. The presentation highlighted the challenges in the current landscape, where reference values for validating TCB measurements are often provided by third parties without transparent mechanisms for auditing their trustworthiness or origin. Advocating for an auditable CC ecosystem, the speakers emphasized the necessity for every component of the TCB to be open source and reproducible, allowing end-users to verify the deployed system comprehensively. Utilizing mkosi and Nix(OS), they showcased how to build fully reproducible OS images from source code to reference values for remote attestation, providing a foundation for projects like Constellation and the Confidential Containers project. This approach aims to enhance the trust and security in Confidential Computing by enabling the community to independently verify reference values, marking a significant step towards more transparent and secure computing environments.

Watch this talk. 

Advancing Remote Attestation

Ionut Mihalcea and Thomas Fossati walked us through the development and importance of remote attestation, covering milestones from the formation of TCPA to the latest advancements in RATS EAT. This narrative underscored the critical role of remote attestation in establishing trust and preserving privacy within confidential computing frameworks.

Watch this talk.

FOSDEM: The Broader Impact 

FOSDEM concluded with a roundup of various DevRooms, highlighting the interconnectedness of confidential computing with other domains such as energy, community development, and monitoring. Special attention was given to the EU’s new open-source cloud initiative, IPCEI-CIS, showcasing the commitment to leveraging open-source solutions for enhancing security and privacy.

A Special Thank You

As we reflect on all the experiences and exchanges at FOSDEM, we want to share a special note of gratitude to all participants of the Decrypted Gathering – one that we received directly from the catering team who worked with us that night:

I catered your event and I have to thank you for having been the most respectful and polite clients I’ve ever seen… And I of course thank you for working for such a noble cause that is data protection and open OS.

Thank you for existing and you can congratulate all the persons present. It was unseen and so heartwarming for me/us. 

All the best,

Lauréline

Confidential computing is unique. It’s the kind of work that anyone can understand the value of, as soon as you explain the kind of data we try to keep private. Personalized medicine, space technology, and energy grids are all parts of Confidential Computing’s emerging sectors. 

I’m incredibly grateful to have a growing community of engineers, academics and technology giants all coming together around this work. Thank you to everyone who is helping us to bring Confidential Computing to the center stage of this year. 

Want to Get Involved with CCC? 

If you are still looking to get involved with the Confidential Computing Consortium, you can find more resources about our technical committees and institutional memberships here. All of our technical committee meetings are open to the public, and recorded for all to view. We welcome anyone who wants to join in on the conversations around Confidential Computing.

If there’s a concept or clarification from these talks you believe is important to share with the CCC community, get in touch with me at skimmich@contractor.linuxfoundation.org and we’ll help you write it up as a blog post or webinar, and get the information out to everyone.

2023 CCC Open Source Highlights

In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community.

Our technical community made great strides on each of these. Our open source project portfolio is wider and more mature. Outside of the CCC we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.

Projects

We grew projects in two vectors. First, for our existing projects we wanted to make sure they were useful and adopted. The prime example of that is Gramine moving to Graduated status as a reflection of its maturity and broad adoption.

Second, as a still young consortium we have plenty of room to add projects to address new areas or bring new approaches to existing areas. We are delighted to have made a home for new projects originating from Red Hat, Intel, VMware/Broadcom, Samsung, and SUSE. They join a portfolio originally provided by Red Hat, Microsoft, UNC, Intel, UC Berkeley, and Arm. These projects are now in an open governance setting where individuals unaffiliated with these organizations can bring their talents and contributions.

VirTEE provides tools and libraries to make development, management, and attestation of  Virtualization-based Confidential Computing easier.

Spdm-rs implements key protocols to bring devices into the Confidential Computing boundary like accelerators for AI/ML workloads.

The Certifier Framework aims to bridge across different Confidential Computing environments for one coherent application experience.

Islet broadens our portfolio from a cloud and server focus out to phones and other mobile devices.

Finally, coconut-svsm creates a secure layer under the OS to provide trusted capabilities like virtual TPMs.

Some of these projects are still on-boarding and will be listed on the CCC website soon.

Ecosystem

One of the exciting things about Confidential Computing is that it is both developing and yet already in production. As an open source organization, we tend to focus on the development, but we also serve a role in explaining how to use it in production to solve real problems.

In 2023 we generated a number of articles in plain language about topics from attestation to homomorphic encryption. We also broadened out from our own channels to respond to government RFCs and engage other standards organizations. Our Governance, Risk, and Compliance SIG takes point on these matters and coordinates inputs from our community’s wide pool of subject matter experts. You are welcome to join us on Wednesdays.

The Attestation SIG is one of our most educational forums. This past year we made sense of a wide array of formats and attestation patterns. Our Cloud Service Providers (CSPs) discussed their attestation services and took inputs on how to evolve them to meet emerging standards, while contributors from IETF, TCG, and other standards organizations shared their directions and took input on how to address requirements from hardware, software, and service vendors. The SIG also harmonized attestation approaches for TLS. A subteam produced a spec, implemented some open-source code and got the spec adopted in the IETF. All that in ~1 year, which by standardization time standards is quite a remarkable feat. To contribute or learn more, please join us Tuesdays or make some popcorn and enjoy our YouTube feed.

In our last TAC meeting of the year we ratified a new SIG. We all rely so much on the Linux kernel and yet that’s not an area where the consortium has focused. We’ll be writing up more about our plans in a separate post, but for now we’ll just note that in 2023 we recognized that engaging more with the Linux Kernel community is one of the most important things we can do to make Confidential Computing easy to adopt.

Community

It’s said that culture is more important than any individual policy or initiative of an organization. In the CCC we have a culture of Inclusivity and of Minimum Viable Governance. One way to think about that is we prioritize our resources in ways to include everyone. In the past that has included funded internships to welcome people to our community. 2023’s incremental step was identifying conferences where we can reach communities that are underrepresented in the CCC. In some cases we became aware of a conference after a deadline, and so, heading into 2024, we look to build on what we learned in 2023 to reach the widest possible audience. Given the rate of growth we saw in 2023, 2024 is going to be a big year for Confidential Computing and our Consortium. We are glad to have a sound culture to grow from and the opportunity to expand to make computing more secure.

Finally, as just a teaser for one more announcement hitting the news in 2024… we closed out 2023 by hiring a Technical Community Architect. We found an excellent energetic person to help activate things for CCC maintainers, grow contributors, and help champion our projects in the open source ecosystem.

2024 is going to be great!

Welcoming Sal Kimmich to the Confidential Computing Consortium

The Linux Foundation’s Confidential Computing Consortium (CCC) is proud to announce Sal Kimmich joining as the Technical Community Architect. Sal’s career started by sharing Python scripts with other computational neuroscientists in the wild world of supercomputing. A decade later, they are still paying attention to the algorithmic side of open source tech.  

Before joining CCC, Sal worked as a scalable SecDevOps Machine Learning engineer and brought those contributions to the Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF). They have focused on practical automation around security best practices that make maintainers’ lives easier, like Security Slams.

At CCC, we are building the landscape for Trusted Execution Environments (TEEs) at the Linux Foundation as Confidential Computing becomes foundational to cross-industry security practices. Confidentiality of data in use is also a cornerstone of digital progress: having hardware-level trust in compute is critical to the wave of critical technologies in both edge and cloud.

Sal’s vision for CCC is clear – to make maintainers’ work enjoyable and rewarding, to create tech demos that dazzle, and to showcase the world-class Open Source Projects enabling secure computation. 2024 marks the start of an incredible year of compute, collaboration and community expansion ahead, as runtime security takes the spotlight in emerging tech. 

CCC end-of-year blog post 2023

This year has been a big one for the Confidential Computing Consortium, with a great deal of activity in the technical, outreach and governance spheres.  The most obvious difference was the Governing Board’s decision to appoint me as Executive Director.  I’ve been involved with the CCC since its inception in a variety of roles, from Premier member representative to Treasurer to General member representative to the Governing Board.  I’m delighted to be involved, working with the many members I already knew and getting to know those I didn’t, or who have joined recently.  Another major change was that our Chair of the GB since the foundation of the CCC in October 2019, Stephen Walli of Microsoft, stepped down, handing over to the previous vice-Chair, Ron Perez of Intel.  The transition was seamless, and we thank Stephen for his amazing leadership and service and Ron for his stepping up into the role.

Member survey

One of my first actions as Executive Director was to initiate a survey to help align the activities of the Consortium with members’ priorities.  This was backed up by conversations with various members and was extremely helpful in allowing me to decide where to be putting in the most effort.  The main priorities expressed were:

  • End-User involvement
  • Use cases
  • Regulator/standards engagement
  • Industry visibility
  • Increased AsiaPac activity/involvement
  • Member meet-ups
  • Conference speaking

The Governing Board endorsed these and they have set the scene for the work we have been doing for the second half of the year and will continue into 2024. I am planning a similar survey next year.

TAC and SIGs

The Technical Advisory Council (TAC) continues to be well-attended and the venue for much discussion, generally meeting for two hours every two weeks.  We often host presentations from external bodies or projects which are relevant or technically adjacent to Confidential Computing.  Another important task that the TAC undertakes is working with open source projects which are interested in joining the CCC.  The TAC provides technical and governance oversight and support through the process, and we currently have seven projects, with another two close to admission and at least two more going through the process.  Having a strong ecosystem of open source projects is vital for the healthy growth of Confidential Computing and is one of the core aims of the CCC.

The TAC also administers and coordinates the activities of several Special Interest Groups (SIGs).  The number of these increased to three this year: the Governance, Risk & Compliance SIG (GRC), the Attestation SIG and the Linux kernel SIG.  This last (and newest) is intended to work with the Linux kernel community to shepherd in work from members and the community and to allow communication to avoid “surprise” architectural or design changes and ease acceptance of new CC-related work.

Another important decision which is related to the work of the TAC was the decision to recruit a Technical Community Architect (TCA) to help coordinate the work of the TAC, the SIGs and the open source projects as the work they do grows.  More news on this will follow very shortly.

Brief listing of activities through the year

The Confidential Computing Consortium was involved in many activities during the year, including sponsoring, attending or participating in conferences across Europe, North America and Asia Pacific.  The list below includes most of the significant activities.

Jan/Feb

FOSDEM – Brussels
State of Open Con – London

Mar/Apr

FOSS Backstage – Berlin and online
OC3 – online
Website refresh and update
Mike Bursell appointed as Executive Director 

May

Wikipedia entry created – Confidential computing

Jun/July

Inaugural Confidential Computing Summit (250 attendees – recordings available on-demand) and Happy Hour – San Francisco

Aug/Sep

DEFCON – Las Vegas
Diana Initiative – Las Vegas
OSS EU – Bilbao
Kubecon Asia – Shanghai

Oct/Nov

LF Member Summit – Monterey
PET Summit Asia – Singapore

Dec

OSS Japan – Tokyo

New members

We are delighted to have welcomed the following new members in 2023:

  • Acurast
  • BeekeeperAI
  • California Health Medical Reserve Corps
  • Canonical Group Limited
  • Cryptosat
  • enclaive
  • Hushmesh
  • Samsung Electronics Co. Ltd
  • SUSE LLC
  • Spectro Cloud, Inc.

We have a number of other organizations currently considering membership, who we hope to welcome early in 2024.

Planning for 2024

As we move into 2024, we have lots of plans to continue promoting Confidential Computing globally.  Here are some areas in which you can expect to see movement:

  • A clear definition of the benefits of membership, available on the website
  • Closer work with and support for start-ups in the ecosystem
  • Lots of events, including an expanded Confidential Computing Summit 
  • A marketing package for events to allow quicker and further reaching involvement for all members attending
  • Work on use cases
  • Appearance of our new Technical Community Architect

Final word

I would like to thank everyone who has been involved in the Confidential Computing Consortium and the larger ecosystem over the past twelve months.  In particular, thank you to all those who make the CCC work through their involvement with our various committees and SIGs.  I would also like to send our best wishes to Helen Lau from the Linux Foundation who has departed (for now, we hope!) on parental leave and to thank Ben Sternthal and Riann Kleinhans for their work in supporting our mission.  Finally, may I wish you all the best for the festive season and a prosperous New Year.

Mike Bursell
Executive Director, Confidential Computing Consortium