The Linux Foundation Projects
Skip to main content
Yearly Archives

2025

Jan 15

Introducing the Messaging Guide for Confidential Computing

By Blog No Comments

Adopting on-demand computing for sensitive and private workloads is critical in today’s interconnected and data-driven world. We need simple, fast, and reliable security mechanisms to protect data, code, and runtimes to achieve this. The Confidential Computing Consortium’s new Messaging Guide is a comprehensive resource that explores how Confidential Computing (CC) addresses these challenges and supports organizations in securing their workloads.

Confidential Computing capabilities protect against unauthorized access and data leaks, enabling organizations to collaborate securely and comply with regulatory requirements. By encrypting data at rest, in transit, and during processing, CC technology allows sensitive workloads to move to the clud without requiring full trust in cloud providers, including administrators and hypervisors.

This white paper outlines the motivations, use cases, and solutions made possible by Confidential Computing, empowering organizations to:

 

Who Should Read This Guide?

This document is tailored to meet the needs of a diverse audience, including:

  • Organization leaders to explore use cases and services that can be enabled by Confidential Computing.
  • Organization leaders considering whether to use Confidential Computing for securing a new or existing
  • product(s), projects, services, and capabilities
  • Regulators, standards bodies and ecosystem members in Data Privacy and related fields.
  • General public/Mainstream Media/Publication to raise general awareness of Confidential Computing and its benefits

Why This Matters

As the demand for secure data processing grows, Confidential Computing provides a critical solution to meet the challenges of modern cloud environments. Whether enabling secure AI applications, fostering inter-organizational data collaboration, or addressing compliance needs, CC empowers organizations to innovate without compromising security.

We invite you to explore the Messaging Guide and discover how Confidential Computing can transform your approach to secure computing. Together, we can build a future where privacy and security are foundational to all digital workloads.

Read the full report here.

Jan 15

ManaTEE: Transforming Private Data Analytics First Community Release

By Blog No Comments

The Confidential Computing Consortium proudly announces the first community release of ManaTEE, an open-source framework for private data analytics. Originally developed by TikTok as a privacy solution for secure data collaboration, ManaTEE is now open-sourced and part of the Linux Foundation’s Confidential Computing Consortium.

Highlights of the Community Release:

  • Easy Deployment: Test ManaTEE locally with minikube, no cloud account needed.
  • Comprehensive Demo Tutorial: Step-by-step guidance to get started.
  • Extensible Framework: Refactored code with Bazel builds and a CI/CD pipeline, ready for contributions.

What’s Next?

ManaTEE is evolving with plans to:

  • Expand backend support to multi-cloud and on-prem solutions.
  • Integrate privacy-compliant data pipelines.
  • Enhance output privacy protections.
  • Support confidential GPUs for AI workloads.

Technical Steering Committee will soon guide the project’s future.

Learn More

Explore the potential of ManaTEE and join the community effort. Read the full announcement: First Community Release of ManaTEE.

 

Jan 14

Applied Blockchain Joins the Confidential Computing Consortium as a General Member

By Announcement, Blog No Comments

We are excited to announce that Applied Blockchain has rejoined the Confidential Computing Consortium (CCC) as a General Member, reinforcing its longstanding commitment to advancing innovation in Confidential Computing and Trusted Execution Environment (TEE) technology. This move aligns with CCC’s mission to enhance trust and privacy in business applications and marks a continued dedication to tackling some of the most pressing challenges in digital privacy.

As one of the few organizations that are members of the Confidential Computing Consortium and the LF Decentralised Trust, Applied Blockchain stands out for its cross-domain expertise in privacy-preserving technology. This dual membership uniquely positions the company to foster collaboration and drive progress across both ecosystems, promoting secure, transparent, and trustworthy solutions for the future of technology.

Applied Blockchain’s renewed involvement comes directly from its groundbreaking work on the Silent Data platform. By integrating TEE technology with blockchain, Silent Data provides a robust solution for privacy-conscious companies.

“We are thrilled to rejoin the Confidential Computing Consortium as a General Member, reinforcing our commitment to advancing Trusted Execution Environment (TEE) technologies. Our continued work on Silent Data demonstrates how we can tackle privacy challenges, and we look forward to collaborating with CCC members to drive innovation, enhance trust, and protect sensitive data.”
— Adi Ben-Ari, Founder & CEO at Applied Blockchain

Applied Blockchain focuses on safeguarding consumer and business data in critical sectors such as banking, energy trading, and supply chains. With its renewed membership, the company is positioned to make significant strides in evolving privacy-enhancing technologies, helping organizations across industries protect sensitive data while driving trust and security in their operations.

We look forward to Applied Blockchain’s continued impact as they collaborate with CCC members and help shape the future of Confidential Computing.

Jan 06

Happy Holidays!🎄 Welcome to the 2024 December Newsletter

By Newsletter No Comments

December’s Issue:

  1. Adieu, 2024. Outreach Year In Review Quick Snapshot
  2. Executive Director Year In Review
  3. TAC Year In Review
  4. CCC Mentorships are Open!
  5. Community News

Welcome to the December edition of our newsletter – your guide to awesome happenings in our CCC community. We’re excited to continue to connect with you and help drive innovation. Let’s go!

CCC Presence in 2024 & Looking Ahead

The CCC has grown tremendously with lots of activities this year. Thanks to all the CCC community members for their participation and collaboration. We could not do what we do without our members’ involvement. 

The CCC showed up at more than 20 events this year, delivering talks, demos, and networking opportunities. We’ve also published more than 47 blogs, white papers, and tech talk/webinars hosted on our platform. One of the biggest publications was The Case for Confidential Computing white paper. Our social media interaction has increased more than 93%, making an impressive milestone for our community.

Awesome job this year!

In the new year, we have many more activities forming up. Our focus is to double down on impactful engagement with a more targeted approach. Our events will be reduced in quantity but more targeted to industry verticals, driving meaningful engagement. We’re working on engaging with analysts for a white paper to assess the Confidential Computing market, and a refreshed branding and messaging guide will be introduced as we kick off the new year. Our Outreach Meetings are open to all, if you’re curious about our engagement or want to get involved, feel free to join us!

Executive Director Update

November was a busy month for the CCC and we’ve managed a number of important tasks.  The first is approval of a budget for 2025 and the second is the election of new chairs and vice chairs to our various committees.

I’m delighted to welcome:

  • Governing Board
    • Chair: Nelly Porter (Google)
    • Vice-chair: Emily Fox (Red Hat)
    • General member representatives: Manu Fontaine (Hushmesh), Samuel Ortiz (Rivos Inc.), Mark Medum Bundgaard (Partisia)
  • TAC
    • Chair: Dan Middleton (Intel)
    • Co-Chair: Yash Mankad (Red Hat)
  • Outreach
    • Chair: Rachel Wan (IBM)
    • Vice-chair: Mike Ferron-Jones (Intel)

Thank you to everyone who participated in the elections both as candidates and voters.

We also attended, spoken, and exhibited at KubeCon NA.  It was great to see a growing number of sessions involving Confidential Computing at the conference and also to welcome representatives from various members to staff, share resources, and speak at our booth.  The ability to make use of CCC booths at conferences we’re attending is one of the great benefits of membership in the consortium, particularly for smaller companies and we always welcome representation.

Though things are calming down as December proceeds, there are still activities ongoing.  One of note is a Linux Foundation workshop in Brussels around the new European Union Cyber Resilience Act (CRA).  This is likely to have an impact on members, the CCC, and its projects, and I will be attending to find out more and ensure that we have as much information and input as possible.  Having read the (81-page!) report on the day it was released, I’m planning to produce a summary for members that will help provide a shorter and more readable description of the possible actions we and our members should take as this legislation moves into its implementation phase.

TAC Year In Review

We have for the last couple years organized our work around Projects, Ecosystem, and Community.

Community
Yash Mankad gave us an update on our mentorship program. A big shoutout to Sal for their hard work in facilitating these efforts! Yash also mentioned that for 2025, we aim to expand this program to help keep our project repositories up-to-date.

Fritz Alder gave us a rundown of the Tech Talks coordinated in 2024. The pipeline for 2025 is already growing, and Fritz is committed to organizing more talks, with a focus on academic contributions.

Ecosystem
Alec Fernandez provided insights into our ecosystem work. As security practitioners, we’ve been focusing on security and privacy compliance, standards, and research. One notable improvement is the addition of “data in use” to the Cloud Controls Matrix. 

Mark Novak has led the drafting of a collection of compliance guidelines that we plan to get out early in 2025 as one of our first sets of accomplishments.

Projects
Catherine Zhang updated us on the Linux Kernel SIG’s efforts to facilitate upstreaming CC features into the Linux Kernel. 

Mingshen Sun shared valuable lessons learned from the ManaTEE project. These insights will be instrumental in supporting future projects, particularly in areas like mentorship, hardware, and cloud credits.

We’d also like to celebrate significant progress in OpenSSF compliance across our projects, with COCONUT-SVSM achieving an exceptional 107% compliance score and earning the OpenSSF Passing Badge, SPDM-RS advancing to 97% compliance and nearing badge status, and the Certifier Framework reaching 84% compliance. As we look to 2025, our focus is on increasing compliance across all projects to 90% or higher and standardizing OpenSSF compliance into the onboarding process for new projects, ensuring a consistent commitment to security and excellence.

Mentorship Opportunities Now Open!

NEW! Several CCC projects are now accepting mentorship applications. These mentorships provide hands-on experience in key areas of confidential computing, perfect for developers eager to enhance their skills while contributing to meaningful open source projects.

These mentorships offer an excellent opportunity to develop expertise in confidential computing while contributing to industry-leading projects. We encourage interested participants to apply and join us in shaping the future of confidential computing! Please share these opportunities with your network!

Community News

·        Podcast: TEEs and Confidential Computing: Paving the Way for Onchain AI

·        ACSAC 2024 Cybersecurity Artifact Award: “Rapid Deployment of Confidential Cloud Applications with Gramine”

·        Using trusted execution environments for advertising use cases

Subscribe to our newsletter

Jan 06

Verified Confidential Computing: Bridging Security and Explainability

By Blog No Comments

January 6, 2025

Author: Sal Kimmich

The rapid adoption of AI and data-driven technologies has revolutionized industries, but it has also exposed a critical tension: the need to balance robust security with explainability. Traditionally, these two priorities have been at odds. High-security systems often operate in opaque “black box” environments, while efforts to make AI systems transparent can expose vulnerabilities. 

Verified Computing bridges this gap that reconciles these conflicting needs. It enables organizations to achieve unparalleled data security while maintaining the transparency and accountability required for compliance and trust.

The Core Technologies That Make It Possible

1. Trusted Execution Environments (TEEs)

TEEs are hardware-based secure enclaves that isolate sensitive computations from the rest of the system. They protect data and processes even if the operating system or hypervisor is compromised. Examples include Intel® SGX, Intel® TDX and AMD SEV.

  • How They Work: TEEs operate as secure zones within a processor, where data and code are encrypted and inaccessible to external actors. For example, during a financial transaction, a TEE ensures that sensitive computations like risk assessments are performed without exposure to the broader system.
  • Why They Matter: They protect data “in use,” closing a crucial gap in the data lifecycle that encryption alone cannot address.

2. Remote Attestation

Remote attestation provides cryptographic proof that a TEE is genuine and operating as expected. This ensures trust in the environment, particularly in cloud or collaborative settings.

  • How It Works: A TEE generates an attestation report, including a cryptographic signature tied to the hardware. This report confirms the integrity of the software and hardware running within the enclave (source).
  • Why It Matters: Remote attestation reassures stakeholders that computations occur in a secure and uncompromised environment, a critical requirement in multi-tenant cloud infrastructures.

3. Confidential Virtual Machines (VMs)

Confidential VMs extend TEE principles to virtualized environments, making secure computing scalable for complex workloads. Technologies like Intel® TDX allow organizations to isolate entire virtual machines.

  • How They Work: Confidential VMs use memory encryption to ensure that data remains secure during processing. Encryption keys are hardware-managed, inaccessible to the hypervisor or OS (source).
  • Why They Matter: They enable secure data processing in public clouds, even in shared infrastructures.

4. Verified Compute Frameworks

Verified Compute frameworks build on TEEs by introducing mechanisms for generating immutable logs and cryptographic proofs of computations. An example is EQTY Lab’s Verifiable Compute.

  • How They Work: These frameworks capture the details of computations (inputs, outputs, and environment integrity) in tamper-proof logs. These logs are cryptographically verifiable, ensuring transparency without compromising confidentiality.
  • Why They Matter: They allow organizations to meet regulatory requirements and provide explainable AI outputs while safeguarding proprietary algorithms and sensitive data.

5. Homomorphic Encryption and Secure Multi-Party Computation (SMPC)

In cases where external collaboration or ultra-sensitive data handling is needed, additional cryptographic techniques enhance confidentiality.

  • Homomorphic Encryption: Enables computations on encrypted data without decryption.
  • SMPC: Distributes computations across multiple parties, ensuring that no single party has access to the complete dataset.
  • Why They Matter: These techniques complement TEEs by enabling secure collaboration across untrusted parties.

How Verified Computing Bridges Security and Explainability

Achieving Transparency Without Sacrificing Security

Traditionally, efforts to make AI systems explainable required exposing internal processes or sharing sensitive data—practices that risked data breaches or model theft. Verified confidential computing changes the game by:

  • Allowing computations to occur in TEEs or confidential VMs, ensuring data is secure at all times.
  • Using verified compute frameworks to provide cryptographic evidence of computation integrity, allowing external parties to trust results without accessing sensitive details.

For example, a healthcare provider running an AI diagnostic tool can securely process patient data in a TEE. The AI’s decisions can be explained to regulators or patients using cryptographic proofs, without exposing proprietary algorithms or patient information.

Supporting Regulatory Compliance

Regulations like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) demand both robust security and transparent handling of sensitive data. Verified confidential computing offers a solution by generating immutable logs and proofs that demonstrate compliance. This reduces audit complexity and ensures adherence to privacy laws.

Building Trust in AI Systems

As AI plays a growing role in critical sectors, trust is paramount. Verified computing ensures that stakeholders can verify:

  1. The Security of the Data: Through TEEs and confidential VMs.
  2. The Integrity of Computations: Via cryptographic attestation and verifiable compute frameworks.
  3. The Explainability of Results: Through transparent logging and auditable records.

For instance, financial institutions can use verified computing to process loan applications, providing regulators with evidence of fairness and transparency without compromising customer data security.

Verified Compute

Verified Computing is more than a technological advancement—it is a paradigm shift. By integrating technologies like TEEs, remote attestation, confidential VMs, and verifiable compute frameworks, it resolves the long-standing tension between security and explainability. Organizations can now protect sensitive data, ensure compliance, and provide transparent, trustworthy AI systems.

As industries adopt this approach, verified computing will become the gold standard for secure and accountable digital transformation. Bridging these historically conflicting priorities paves the way for a future where trust in AI is not just an aspiration, but a guarantee. For more insights and resources, visit the Confidential Computing Consortium.