Skip to main content


CCC Newsletter – January 2023

By Blog, Newsletter

Welcome to the Confidential Computing Consortium’s newsletter!

The start of the new year is the perfect opportunity to reflect about the year that has passed and what we have accomplished collectively in 2022. It has been a pivotal year for the CCC in many regards. Please check the updates from the Technical Advisory Committee, the Outreach Committee, the CCC projects, and the Special Interest Groups.

Table of Contents

New Members

Cape Privacy and Canonical joined the Confidential Computing Consortium.

Cape Privacy is a confidential computing platform to easily run serverless functions on encrypted data. Cape empowers developers to build secure applications which protect the underlying data and code from the cloud.

Canonical is committed to enabling Ubuntu users to leverage the strong run-time confidentiality and integrity guarantees that confidential computing provides. The mission of the Confidential Computing Consortium of driving cross-industry open source software, standards and tools greatly resonates with us and we are really excited to have joined its members.

Upcoming Events


The Confidential Computing Consortium will be participating at the Confidential Computing devroom at FOSDEM. A social event is being sponsored by the CCC on the 4th of February.

State of Open Con

The Confidential Computing Consortium will have a table at the State of Open Con, a conference being organized by OpenUK in London on the 7-8th of February.

CCC Webinar: Confidential Computing in Financial Services

The next CCC webinar will happen on February 16 at 8:00 am PT. Featured speakers include Bessie Chu (Cape Privacy), Gavin Uhma (Cape Privacy), Mark F. Novak (JP Morgan Chase), and Richard Searle (Fortanix).

White Papers & Reports

The Confidential Computing Consortium has published the Common Terminology for Confidential Computing. As more companies and open source projects begin to use similar terms to describe similar paradigms that build upon hardware-based, attested Trusted Execution Environments (TEEs), it will be increasingly important that vendors use consistent terminology that describes the ways in which these new capabilities are applied within different functional domains.

Technical Advisory Committee

It was a busy year for the Technical Advisory Council (TAC). We had a number of goals for the year across the spectrum of maturing our projects to collaborating with other open organizations to acting on our diversity & inclusion plans. Attestation was a pronounced theme for the year. We revised the definition of Confidential Computing to include attestation as an essential element. The TAC approved the Veraison project which focuses on building blocks for attestation verification. We created the Attestation SIG last year and throughout 2022, it found its legs and created a good deal of content. You can browse our meeting recordings and presentations for a series of talks on Secure Channels and Attestation Formats. An outcome of this sharing led to two additional initiatives. CCC projects Gramine, Occlum, and Open Enclave SDK all rely on separate implementations of “Remote Attestation TLS.” The independent implementations were not interoperable. The Attestation SIG helped uncover and resolve variations arriving at a proposal to harmonize the implementations of those projects. Contributors to the SIG are also creating an Attested TLS proof of concept based on a similar design. We look forward to attestation of TEEs becoming a fundamental part of communications as Confidential Computing becomes pervasive.

Harmonization was not unique to the Attestation SIG. The TAC also engaged with a variety of organizations looking for opportunities for collaboration and coordination. We hosted speakers from RISC-V, MPC Alliance, IETF, TCG, CDCC,,, PCI SIG WG, and the OCP Security SIG. In fact, most of our TAC meetings host a Tech Talk and our meetings have become a place for learning a variety of security related technical topics. As an open collaborative community, everyone is welcome to join our meetings or view the recordings. We hope to see you in one in 2023.

The TAC also had direct collateral outputs. In addition to revising our primary whitepaper, we also generated a new whitepaper which is going through final layout. That paper focuses on terminology to give greater clarity to the different ways Confidential Computing artifacts can be packaged and what that should imply to a consumer. We were also able to collectively form a response to the OSTP’s request for comments on Privacy Enhancing Technologies (PETs).

This government interaction suggested a broader need for similar discourse. The TAC subsequently approved the creation of a Governance, Risk, and Compliance SIG. This newly chartered SIG already has representation from representatives from Meta, Microsoft, Intel, NVidia, Arm, CSA, JPMorgan Chase, Anjuna and others.

Of course, as an open source organization, our main focus is on open source projects. This year the TAC provided projects with additional resources. Our focus on diversity and inclusion took a few forms. Each of the projects were introduced to D&I training specifically for open source provided by the Linux Foundation. We made Outreachy internships available and Veracruz and Enarx piloted this membership program for the rest of the CCC. As the year progressed we created other resources for projects – increasing funding for CI, creating conference travel funding for projects, and making additional security tooling available.

All in all it has been a very productive year for the Technical Advisory Council, our SIGs, and our projects. We have a number of ambitious goals coming together for 2023 and will communicate those in a future blog.

Outreach Committee

2022 was a year of two halves. While the effects of COVID restrictions were still being felt in the first half of the year, things really turned around in the summer, and by the end of the year life was back to pre-COVID levels in most regions of the world. The outreach committee had to be nimble and adapt to the changing circumstances. In some ways, some of the impetus was to lay the foundation to hit the ground running again in 2023.

The committee implemented multiple important initiatives during this time including:

  • For the second year in a row, CCC sponsored the OC3 Summit, a virtual Open Confidential Computing Conference held in early 2022.
  • Building brand awareness and visibility in industry events like RSA. We were able to negotiate a co-marketing arrangement at no cost, whereby RSA promoted the CCC on their website, and in promotions, and CCC did the same for RSA. We’ll have a similar arrangement with RSA in 2023 as well.
  • Expanding our presence to Latin America, participating at Roadsec 2022 in Sao Paulo, the biggest hacker festival in Latin America. 
  • After a hiatus due to COVID, CCC had a presence at Black Hat USA, in Las Vegas. This included a meeting room where we received visitors wanting to learn and/or get engaged with CCC. In addition we also got exposure in some of the member booths at the show, by way of presentations, CCC handouts etc.
  • We were also able to get brand visibility at the Crypto & Privacy Village at DEF CON 2022.
  • Rekindled industry analyst interactions including recent briefing with ABI Research, and communications with Gartner, Forrester, IDC, 451 Research, OMDIA, Nemertes and other Tier 2/3 analyst firms
  • Secured a speaking spot for the consortium in the Keynote segment of the upcoming OC3 event in March 2023
  • Signed up a consultant to greatly increase our social media activities starting Jan 2023
  • Shortlisted a consultant to help guide the committee to get Confidential Computing on Wikipedia
  • Made good progress on content refresh of our website, with the updates scheduled to be rolled out in March 2023

The committee is very excited about the foundation that has been laid, and we are looking forward to a highly successful 2023!



  • Implemented support for TLS, WASI networking, wasi-crypto, multithreading, lazy memory mapping, VFS, attestation, SGX2, EDMM, and made improvements to SEV-SNP support.
  • Implemented nil backend, which allows development/testing of Enarx in multiple platforms, from MacOS and Windows to Raspberry Pi.
  • Implemented attestation (Steward) and application registry (Drawbridge) integration.
  • Implemented Kubernetes integration.
  • Tested Enarx in various cloud environments: Alibaba Cloud, AWS, Azure, Equinix, PhoenixNAP. Support for Google Cloud and IBM Cloud coming soon.
  • Made upstream contributions to various projects: Rust, Tokio, Wasmtime, Linux Kernel, and others.
  • Published the WebAssembly Guide with a common example across 14 programming languages: Rust, C++, C, Golang, JavaScript, TypeScript, Python, .NET, Java, Zig, Ruby, Swift, AssemblyScript, and Grain.
  • Published several demos as part of the Codex and Drawbridge repository: Cryptle (wordle clone), TCP echo server, chat application, ICU Monitor (healthcare example), and Confidential Trading (fintech example), among others.
  • Published over 100 tutorials at Wasm Builders and helped this community to go from zero to over 1500 members during the year.
  • Participated in Outreachy, LFX Mentorship, and Semester of Code programs, mentoring over 30 community members.
  • Launched the Cryptle Hack Challenge and announced a winner who was able to find an exploit. The exploit and solution was presented at the Crypto & Privacy Village at DEFCON.
  • Implemented an initial benchmarking framework using flame graphs to help measure optimizations of Enarx and WebAssembly support of various languages in an automated manner.
  • Launched Try Enarx, a playground to run WebAssembly workloads using Enarx in multiple platforms using Intel SGX and AMD SEV.
  • Developed a VS Code extension that facilitates setup of Enarx and developer tools, Enarx.toml creation/validation, local and remote application deployment, package publication to Drawbridge, and download of examples from Codex.
  • Presented Enarx at the following conferences: FOSDEM, OC3, Open Source 101, FOSSASIA, Wasm Day / KubeCon Europe, RightsCon, Open Source Summit North America, Roadsec LATAM, SGX Community Day, SCaLE, Black Hat, DEFCON, Open Source Summit Europe, Linux Security Summit Europe, and All Things Open.
  • Surpassed 1000 GitHub stars (from around 300 at the beginning of the year).
  • Renewed website content and documentation.
  • Published around 20 blog posts during the year.



  • Released the first stable version 1.0, which, among other things, delivers a significant performance boost with various switchless techniques
  • Integrated a log-structured secure block device as the foundation for secure file I/O
  • Reached the milestone of 1,000 Github stars

Open Enclave

  • Added oeapkman, a Linux tool for installing and using Alpine Linux static libraries within enclaves
  • Added policy baseline configuration support to attestation verification APIs
  • Added new logging APIs
  • Upgraded to mbedTLS 2.28.1 and OpenSSL 1.1.1q
  • Mitigated CVEs (see release notes)
  • Increased max threads usable by enclaves from 32 to 1000
  • Added support for POSIX mmap and munmap
  • Enabled MUSL conf functions


  • Integration with Veraison for the Proxy Attestation Service
  • DarkNet Machine learning in WASM and with a Native Module
  • Graviton support
  • Fully implemented the Proxy attestation service (no longer need the “root enclaves”)
  • Added Cargo.lock files into workspaces for supply chain security and reproducibility
  • Support for linear pipelines of functions
  • Integrated Icecap as a Realm OS
  • Integrated the file system into our permissions system
  • Transitioned off of Rustls and ring in favor of MbedTLS


  • Integrations with other open source projects
    • veraison/services
      • Parsec (CNCF) and mbedTLS (TrustedFirmware) — see also “attested TLS prototype” under the Attestation SIG
      • Veracruz (CCC) CA/RA backend
      • Project Oak (Google) – conversation in progress
    • veraison/go-cose (among others)
      • Notary v2 (CNCF)
      • sigstore (OpenSSF)
  • Partner engagements
    • Huawei (HERS)
    • EnactTrust (TPM-based enterprise device health monitoring)
  • Community
    • attracted new (very active) collaborators, especially:
      • veraison/go-cose
      • veraison/corim
      • veraison/swid
      • veraison/rust-apiclient
  • Codebase
    • added new component repos (e.g., veraison/ear, veraison/ccatoken, veraison/rust-apiclient)
    • reorganized old codebase into a leaner structure
    • end-to-end demo using veraison services and attesters emulators
    • more verification plugins: enacttrust, psa, cca, nitro
  • Standardization
    • design and implementation of standardized formats for endorsements/ref-values and trust anchors (CoRIM, CoMID, CoTS) and attestation result (AR4SI, EAR)
  • Public talks
    • OC3
    • FOSDEM (accepted, upcoming)
    • IETF 115 hackathon

Special Interest Groups

Attestation SIG

  • Content (available here)
    • Secure Channel “Lectures”
    • Attestation Formats (evidence, reference, results)
  • RA-TLS Harmonization
  • Attested TLS POC initiated

Governance, Risk and Compliance SIG

  • Developed and agreed on the SIG charter
  • Established a working relationship with the Cloud Security Alliance; a joint working group is getting underway
  • Connected with NIST; expecting to start ongoing interactions in early January ‘23
  • Collectively working on a response to ICO request for comments, focused on the use of confidential computing in data privacy applications (due by end of December, and we’re on track to meet this deadline)
  • Happy with the current composition of the SIG, with representatives from Meta, Microsoft, Intel, NVidia, Arm, CSA, JPMorgan Chase, Anjuna.

Social Media

The Confidential Computing Consortium is approaching 1000 followers on Twitter and LinkedIn. Please follow us in these channels to keep up-to-date with the latest news about Confidential Computing:

CCC at Black Hat and DEF CON 2022

By Blog, CCC Events

The Confidential Computing Consortium (CCC) was present at the 25th edition of Black Hat USA and the 30th edition of DEF CON.

At Intel’s booth for Black Hat, there was a big effort towards bringing awareness to Confidential Computing, including the distribution of outreach material from the Confidential Computing Consortium, as well as sessions from Anjuna (“Confidential Computing 101”) and Fortanix (“Confidential Computing AI & Intel SGX: accelerating the use of AI/ML”).

One of the highlights of Black Hat was the responsible disclosure of the ÆPIC Leak by researchers Pietro Borrello (Sapienza University of Rome) and Andreas Kogler (Graz University of Technology) and their collaboration with Intel to mitigate the vulnerability. After their session at Black Hat, the researchers and their colleagues met with the Confidential Computing Consortium representatives and shared how they worked closely together with Intel to follow responsible vulnerability disclosure practices. Intel has provided a microcode update for processors with Intel SGX to enable support to clear buffers and mitigate potential exposure of sensitive stale data when exiting Intel SGX enclaves.

At DEF CON, the Confidential Computing Consortium was mostly present at the Crypto and Privacy Village, which provides a forum for the hacker community to share knowledge and discuss cryptography and privacy.

Community members of the Enarx project gave two talks at the Crypto and Privacy Village: “Owned or pwned? No peekin’ or tweakin’!” and “Cryptle: a secure multi-party Wordle clone with Enarx”. The talks were presented by Richard Zak, Tom Dohrman, and Nick Vidal, with assistance from Ben Fischer from Red Hat.

We would like to thank attendees and organizers of Black Hat, DEF CON, the Crypto and Privacy Village, as well as staff and members of the Confidential Computing Consortium, including representatives from Anjuna, Fortanix, Intel, Profian, and Red Hat/IBM.

Response by the CCC to the Office of Science and Technology Policy’s RFI on Advancing Privacy-Enhancing Technologies

By Blog

July 7, 2022

To Whom It May Concern:

Please consider the following submission to the Request for Information on Advancing Privacy-Enhancing Technologies from the Confidential Computing Consortium. The Confidential Computing Consortium ( is a Linux Foundation project “to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards” and has a diverse membership of hardware and software vendors and cloud service providers ( This response was prepared by the group’s Technical Advisory Council with participation from across the membership, and ratified by its Governing Board. The Linux Foundation is a non-profit organization registered in the United States as a 501(c)(6).

The Confidential Computing Consortium has a mandate to engage with governments, standards agencies and regulatory agencies to encourage adoption of Confidential Computing, as well as work with the larger ecosystem and engage with existing and potential end-users of the technologies. It also works with open source projects to further development of implementations. The Confidential Computing Consortium is committed to encouraging open source implementations of Confidential Computing technologies to ensure wide-spread adoption, scalable community involvement, transparency of process, increased security and ease of auditing by relevant interested parties and authorities.

The Confidential Computing Consortium welcomes collaboration with governmental and non-governmental organizations and has mechanisms in place to provide appropriate membership, as well as open technical participation without any membership requirement.

Stephen R. Walli
Confidential Computing Consortium, Governing Board Chair

Read the response here.

Roadsec: LATAM’s largest hacker conference

By Blog

The Confidential Computing Consortium (CCC) was one of the 10 communities selected to be part of Roadsec, LATAM’s largest hacker conference. Over 5000 participants were present at this in-person conference held in Sao Paulo.

Roadsec started as meetups about cyber-security that were organized across different cities (thus the name Roadsec, as speakers were always on the road). Every year the community gathers in Sao Paulo for the main conference.

Sao Paulo is considered an alpha global city and serves as Latin America’s financial and technological hub. Major banks and cloud service providers have their headquarters and data centers in this city.

Nick Vidal, CCC’s Outreach Committee Co-Chair, was at the conference promoting the CCC and also inviting participants to the Cryptle Hack Challenge, a secure multi-player Wordle clone that demonstrates how Confidential Computing works.

Roadsec organizers were kind enough to provide the CCC a booth to present this emerging technology called Confidential Computing, which protects data in use by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.

Recently, there have been many serious cyber attacks in Brazil, including the leakage of sensitive patient data from DATASUS and sensitive client data from Banco Pan. Confidential Computing could have helped prevent these data leakages.

CCC Project Updates

By Blog

Check out what the CCC Projects have been up to!


Gramine project (formerly known as Graphene) will release a new stable version v1.2 in upcoming weeks.

Gramine is a library OS that enables protecting sensitive workloads with Intel® Software Guard Extensions (Intel® SGX). Gramine runs unmodified Linux applications on Intel® SGX out of the box and provides all functionality required for end-to-end protection of workloads: remote SGX attestation, transparent encryption of security-critical files, secure multi-processing. Gramine follows a “lift-and-shift” paradigm for running unmodified applications: to “graminize” the application, it is enough to write a so-called *manifest* file that reflects a runtime configuration of the protected application. Gramine also supports Docker integration via a tool called Gramine Shielded Containers (GSC) and provides a growing set of curated applications, runtimes and frameworks.

In comparison to the previous release, Gramine v1.2 introduces a major overhaul of the FS subsystem. In particular, the Protected Files (PF) feature was significantly reworked. A new manifest syntax allows to mark whole FS mounts for encryption. The PF feature is now available not only in the SGX mode of Gramine, but also in the direct mode, for ease of debugging. We also added support for renaming PFs, memory mapping them with read-write permissions and encrypting them with different user-supplied encryption keys. As a side effect of this rework, multiple bugs in the FS and PF subsystems were fixed.

Additionally, Gramine v1.2 introduces a final reworked CPU/NUMA topology feature (previously marked as experimental). Now, CPU/NUMA topology is securely forwarded inside a Gramine SGX enclave and enabled by default. Among other improvements in Gramine, we highlight better support for CentOS/Fedora/RHEL Linux distributions and the update of the EPID SGX attestation tools to use IAS API v4. We also added a Rust example (a simple web server that uses hyper and tokio crates), as well as a new Python example for SGX quote retrieval.

Along with this technical work, Gramine was presented in different forums and featured in articles and blog posts:

– Gramine talk at the FOSDEM’22 conference:

– Gramine talk at a Confidential Computing Consortium (CCC) webinar:

– Highlighted in several use cases and projects at the Open Confidential Computing Conference (OC3 2022) conference:

– Integration with Open Federated Learning (OpenFL) framework:

– Integration with IBM/Gematik e-Prescription solution:

– Reference solutions with Gramine as part of the Confidential Computing Zoo (CCZoo):

– Whitepaper “Computation offloading to hardware accelerators in Intel SGX and Gramine Library OS”:

– Blog post “How Open Source Gramine Accelerates Expanding Confidential Computing Market”:

– A series of technical blog posts:

For more information on the release please check out:

We invite you to join the Gramine community and contribute to adoption of confidential computing through open source collaboration. We also look forward to your feedback as you deploy this latest release of Gramine for your solutions.


The Enarx project had three releases this quarter:

– Enarx 0.3.0 (Chittorgarh Fort) released in March with TLS support, attestation & validation support (

– Enarx 0.4.0 (Fort of Dhat al-Hajj) released in April with SGX2 support, improved TLS support, and much more (

– Enarx 0.5.0 (Elmina Castle) released in May with many new/improved features: New enarx deploy subcommand. SGX with EDMM / SGX2 support (

In addition to Linux, Enarx is now available on MacOs, Windows, and Raspberry Pi:

– Enarx can now be compiled on additional platforms in a light development version. From MacOS to Raspberry Pi — Extending the Enarx Development Platforms.  (

The Enarx project announced the Cryptle Hack Challenge:

– Cryptle is a secure multi-player clone of Wordle. The goal of the Cryptle Hack Challenge is to uncover vulnerabilities in the Enarx project. (

The Enarx community has achieved a huge milestone: we have collectively published 100 tutorials and articles over at Wasm Builders!

– As part of the Confidential Computing Fellowship program, the Enarx project has received several mentees from Outreachy and LFX Mentorship. Wasm Builders has served as a welcoming environment where Enarx community members can share their learning experiences with others (

The Enarx project has participated in the following events:

– Nathaniel McCallum presented “WASI Networking” at Wasm Day at KubeCon + CloudNativeCon Europe 2022 (

– Outreachy intern Shraddha Inamdar presented “Enarx: The Platform Abstraction for Trusted Execution Environments” at FOSSASIA (

– CCC Fireside Chat: Stephen Walli received Mike Bursell to discuss his book “Trust in Computer Systems and the Cloud,” with a particular focus on the impact of Confidential Computing on security, trust and risk (


  • We recently announced our 22.05 release which included first-time contributions from several people including Aryan Godara, Mohamed Abdelfatah, and Sagar Arya.  Many of these contributions focussed on adding new examples to the Veracruz repository.  Mohamed will be joining us as our Outreachy-sponsored intern shortly, working on providing better documentation of the expected behavior of Wasi system calls (
  • We’ve worked to simplify Veracruz attestation further, across all of our supported platforms, making the process more uniform and removing platform-specific quirks.
  • We’ve started work, and are progressing quickly, on supporting seL4 as an in-enclave operating system for ultra-low TCB enclaves.
  • We’ve worked to improve Veracruz documentation.
  • Many other smaller bug fixes, performance improvements, and upgrades of dependencies to fix security concerns.

CCC Project Updates

By Blog

Check out what the CCC Projects have been up to!


Following the first production-ready release “v1.0”, The Gramine Project is releasing “v1.1” in upcoming weeks. One highlight of this release is stability improvements for Golang and Rust workloads. Another prominent feature of the release is support for the musl C standard library – now Gramine allows users to choose between glibc and musl, depending on users’ requirements on the binary size (TCB), as musl is more light-weight than glibc. Also, AddressSanitizer was integrated in Gramine, and it runs in the CI on each change, for detecting any security issues ahead of code merge. This version adds several other features as well as multiple bug fixes (thanks to our ever-increasing user base for reporting issues!).

While there are several use cases under development, we would like to highlight the production release of the OpenVino Security Add-on (OVSA) for Model IP protection (consider using it for your protected ML workloads). Please reach out to the Gramine team if you are experimenting with Gramine and would like to be added to the list of “Users of Gramine


In Enarx’s first release “version .0.1.0” (codenamed Alamo) we provided WebAssembly as a runtime. For our upcoming release “version 0.2.0” this coming quarter we are looking forward to providing support for attestation, including Intel’s SGX and AMD’s SEV.

Other areas where we are working on are support for filesystem and networking, which depend on upstream collaboration with the WebAssembly community.

Enarx is under high development and is not production ready yet, but our hope is that these initial releases will allow developers to experiment with Enarx and see its progress.

If you are interested in learning more about the Enarx project, please access our website, star us on GitHub, and join our chat.

Gramine 1.0 release

By Blog

Announcing Gramine production ready release!

Having recently joined the Confidential Computing Consortium in the Linux Foundation, The Gramine Project (formerly known as Graphene) is proud to announce the first production-ready version to enable protecting sensitive workloads with Intel® Software Guard Extensions (Intel® SGX).

The project started as a research prototype at Stony Brook University in 2011, and the first open-source version was published in 2014, followed by the Intel® SGX port in 2017 in collaboration with Intel Labs. In December 2018, Golem and ITL joined the project, forming the core of the open source community around the project, including a first release.  The Gramine community has subsequently grown into a diverse group of contributors, from universities, small and large companies, as well as individuals.

Gramine not only runs Linux applications on Intel® SGX out of the box, but also provides several tools and infrastructure components for a push-button lift-and-shift paradigm for running unmodified applications on confidential computing platforms based on  Intel® SGX. Gramine supports both local and remote Intel® SGX attestation, and with both EPID and DCAP schemes. With the protected files feature, security-critical files are automatically encrypted and decrypted inside the enclave. Gramine supports several performance optimizations for Intel® SGX applications including asynchronous system calls. Gramine is one of the few frameworks that supports multi-process applications by providing a complete and secure fork implementation. Gramine supports Docker integration via a tool called Gramine Shielded Containers (GSC) that automatically converts Docker images to Gramine images.  Containers built with GSC can be deployed via Kubernetes for confidential containers and microservices.  Gramine also supports cloud deployment with Azure Confidential VMs and integrates with Azure Kubernetes Services in Azure cloud.

Since our last release, there have been major changes in the code with 1272 files changed, 100637 insertions, 112144 deletions, 1648 commits from 49 authors. This includes a major rewrite of the code that handles features including memory management, thread handling, process handling, filesystem and signal handling. You can find the detailed changelog at our github.  In future, we plan to continue Gramine development with additional features, code cleanup, tooling, and documentation. We also plan to add generic support for I/O device communication as well as add additional Platform Adaptation Layers (PAL) for other TEEs like Intel® TDX.

Gramine has a growing set of well-tested applications including machine learning frameworks, databases, web servers, and programming language runtimes and there are several projects that are already experimenting with Gramine for developing their solutions to protect data in use. We expect that Gramine 1.0 will bring many of those solutions to production. We look forward to your feedback as you deploy this latest version of Gramine for your confidential computing solutions with lift-and-shift capability.

For more information on the release please check out:

We invite you to join the Gramine community and contribute to adoption of  confidential computing through open source collaboration.

The Confidential Computing Consortium Year in Review, 2021

By Blog

We are just finishing the second year of the Confidential Computing Consortium, and it is time once again to look back on what the members have accomplished together. 

Membership & Project Growth

All of our meetings start with the reminder that all members are welcome and all projects are welcome. It have been this way since we launched. 

Remember that companies create non-profits like the Consortium in the broad open source space because our businesses benefit from that membership, and from working together towards common goals. We launched the Consortium with 15 premier and general members, growing to 27 corporate members and 2 non-profits by the end of the first year. While we lost a few members this year as company priorities shift, we have continued to grow to 36 corporate members and 4 non-profits over this past year. 

This year we welcomed the following companies to the Consortium: 

Ampere, Applied Blockchain, Baidu USA, Canary Bit, Cisco, Crust, Edgeless, En|viel, Ethernity Cloud, HUB Security, Madana, Opague Systems Inc, Phalla Network, Technology Innovation Institute, Western Digital, Xilinx. 

Our newest general member last week is Profian. The addition of general members through the year brought us over the twenty mark and we added a new general member representative to the governing board (Eric Voit, Cisco). 

A primary part of our shared mission is to support open source and standards projects relating to confidential computing to accelerate the acceptance and adoption of confidential computing in the market. This year the Consortium welcomed four new projects:

  • Keystone: Keystone is an open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture. Our goal is to build a secure and trustworthy open-source secure hardware enclave, accessible to everyone in industry and academia.
  • Veracruz: Veracruz is a research project exploring the design of privacy-preserving distributed systems.  Veracruz uses strong isolation technology and remote attestation protocols to establish a “neutral ground” within which a collaborative, multi-party computation between a group of mistrusting principals takes place.
  • Gramine: Gramine is a rebranded Graphene project. A particular use case for Gramine is Intel Software Guard Extensions (SGX), where applications do not work out-of-the-box. Gramine solves this problem, with the added security benefits. Gramine can serve as a compatibility layer on other platforms.
  • Occlum: Occlum makes running applications inside enclaves easy. It allows one to run unmodified programs inside enclaves with just a few simple commands.

The Technical Advisory Council (TAC)

The Technical Advisory Council continues to meet every other week. It is an opinionated public debate and everyone is welcome to attend. Members in the TAC saw the need to begin to add some structure and this year created the idea of Special Interest Groups (SIG) as they put in place the Attestation SIG. It was recognized by members that attestation will become the next challenge in confidential computing and have begun the discussion of how best to enable TEE attestation across the industry. 

The TAC membership also published a more detailed Technical Analysis of Confidential Computing white paper.

The Outreach Committee

Outreach Committee members were also busy this year in their collaboration. The Consortium Webinar Series has been building with monthly entries covering our projects and topics that span our domain. This is a good quick way to get an introduction to projects as each project has contributed to the collection. 

A global pandemic makes it tough to gather together, but this year the members organized and ran the first Confidential Computing Developer Summit, C2DS in June. It was run as a virtual unconference with a full day of content. There was good attendance with 400 registered developers participating through the day. All the feedback was good and the team looks forward to building an event again this coming year. 

The Outreach Committee commissioned an analyst group to produce a market study this year. Working with members, the analysts have built a view of the confidential computing industry in its growth. The study will be published this month. 

Lastly, Outreach Committee members have been working towards launching an End User Advisory Council to attract broader input into how users of confidential computing technology see the challenges ahead. We had hoped to launch the advisory council at the Linux Foundation Open Source Summit in September, but pulled back as people continue to be cautious with pandemic travel. Look for a launch in the near future. 

Outreach is working with the Linux Foundation creative staff to improve the Consortium website and we will be rolling changes out soon.

General Administrivia

I have long joked that governing boards should be boring places voting on meeting minutes, money, and membership. 

  • In keeping with that intent, we continue to run a healthy budget surplus as working committees spend money cautiously in a pandemic. 
  • We reviewed and tuned our charter last year in the Fall. As members continued to evolve our transparent, collaborative endeavor together, they had suggestions for tweaks to the charter that were voted last Fall. We will open the charter again shortly to see what new changes will be proposed. In making this an annual practice, it becomes an easy muscle to exercise, and debates don’t become worrisome and contentious. 

We continue to get great support from the Linux Foundation services teams. Stephano Cetola has recently moved to become a technical director at the RISC-V organization. While we are sad to see him go, Brian Warner is stepping into the role of Linux Foundation program manager. This year Ashley Weltz joined the program management team to help put the developer summit and end user advisory council in place. 

I look forward to continue working with all of our members in the coming year. A number of new projects have approached the Consortium. New members continue to express interest. It should be an exciting year ahead. 

Updated January 2022 to reflect new members joining in Q4 of 2021.

The Confidential Computing Consortium Year in Review, 2020

By Blog

The first year of the Confidential Computing Consortium is coming to a close and it is an important time to reflect on what we’ve done and where we’re going as we look ahead to our next year. 

I want to start from the perspective of ‘why’ the Consortium. Companies create non-profits like the Consortium in the broad open source space because our businesses benefit from that membership. We launched the Consortium with 15 premier and general members and have since grown to 27 company members and 2 non-profit members. 

Oasis LabsOracleR3Red HatSwisscom

Bold indicates a premier member. Our non-profit members are:, MIT

For all of our corporate members: 

  • Confidential computing directly (or indirectly) benefits our company stories to customers.
  • Directly supporting/servicing the growth of well-formed OSI-licensed projects that create hardware TEE based solutions can provide building blocks for products and services to customers as part of our product portfolios. 
  • Directly funding/participating in collateral development that educates the marketplace and creates a community within the industry provides a consistent baseline in the market on which to build our individual customer-facing messages.  
  • Directly engaging in the Technical Advisory Council (TAC) discussions provides a collaborative space to debate and test engineering-focused discussions relating to confidential computing and accelerates innovation in the domain. 
  • The Consortium provides a shared cost structure and participation structure for the members supporting projects and building educational collateral.
  • Being a member creates a direct association of the company brand with the technology space through the Consortium brand.
  • ‘Hallway discussions’ around the main business of the Consortium create and strengthen business relationships and opportunities.  

The primary working committees of the Consortium are the Technical Advisory Council (TAC) and the Outreach Committee. They have each (and together) accomplished a lot in these first ten months getting to know each other as members and working towards those common objectives. (Some of this has been particularly challenging as the last five months have been in the midst of the COVID-19 pandemic.) 

The TAC has:

  • Accepted the first three open source projects under the Consortium umbrella in Oct 2019 (enarx, the Open Enclave SDK, and the SGX SDK for Linux). 
  • Agreed on a confidential computing definition, the scoping of the consortium mission, and scoping of TEE to the definition.   
  • Continued to improve and evolve the project acceptance criteria and services work.
  • Accepted three new projects through the Spring 2020 (Graphene, the Trusted Compute Framework, and Keystone… ).
  • Developed an introductory whitepaper on Confidential Computing with the Outreach Committee.
  • Developed content then participated in analyst and press briefings (e.g., Gartner, Forrester, IEEEFortune)
  • Developed and evolved work processes and templates (e.g., project submission) to accomplish the mission.
  • The TAC chair has engaged and coordinated with outside organizations (e.g.,, IETF).

The Outreach Committee has: 

  • Developed the confidential computing messaging framework in coordination with TAC.
  • Organized and ran the press and analyst briefings (e.g., Gartner, Forrester, IEEE, Fortune)
  • Developed the current white paper with TAC.
  • Begun the long process of web site improvements. 
  • Organized and ran our booth presence at the Linux Foundation Open Source Summit in Lyon (October 2019), and at the Linux Foundation Open Source Summit North America virtual event. 
  • Begun planning for a conference for Spring 2021 for 300-500 participants, (and a test virtual event this Fall). 
  • Begun tracking interest in the Consortium with the launch of the Confidential Computing whitepaper.

I would very much like to thank all of the participating members. A truism about successful open source project communities is the need for people in the community to be willing to chop wood and carry water. The ‘community’ isn’t some magic workforce, but rather a group of individuals doing the work together towards shared goals. This is just as true when you build a non-profit as an umbrella organization for such OSI-licensed projects. 

I would be remiss if I didn’t thank our Linux Foundation program manager, Stephano Cetola, who helps us navigate the Linux Foundation services we use, and keeps clearing the to-do lists we collectively put in front of him, as well as Scott Nicolas from the Linux Foundation who helped us with the initial heavy lift of starting the Consortium and continues to get dragged into the occasional discussion about all things charter related.  A special thanks also to Omkhar Arasaratnam and Morgan Akers from JP Morgan Chase who have been active participants in TAC discussions and have shown us the need to build an end user advisory committee this coming year. 

We have a number of exciting projects to begin our second year with the TAC working on an in-depth technical report, the Outreach Committee exploring a Fall virtual event, and beginning work on the End User Advisory Committee. All this along with our regular work supporting the open source projects under our umbrella. I’m looking forward to it, and hope the membership is as excited as I am. 

As the Confidential Computing Consortium Grows

By Blog

The Confidential Computing Consortium is a community focused on open source licensed projects securing data in use and accelerating the adoption of confidential computing through open collaboration. The Consortium announced its intentions in August 2019, and has been heads down laying the foundations for open collaboration between the parties involved in confidential computing and creating a welcoming home for open source projects.

What is Confidential Computing

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. Technology solutions exist for securing data at rest in storage and data in transit across the network, but until recently securing data in use during computation wasn’t part of the story. Chip manufacturers have been bringing technologies to market (Intel with Secure Guard eXtensions, Arm with TrustZone, and AMD with Secure Encrypted Virtualization). These are examples of Trusted Execution Environments (TEE), the core building block in confidential computing. Software development frameworks and application deployment mechanisms were soon to follow. 

Developers that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to remove threats that target the confidentiality and integrity of the data in system memory. Using TEE to isolate and protect the execution environment of applications ensures data is secure while in use, preventing it from being exposed in the memory of the compute infrastructure. 

Accomplishments to Date

Since launch, the Consortium established an Outreach Committee–chartered with educating the industry and developers about confidential computing, and supporting the health of the Consortium projects–and a Technical Advisory Council (TAC)–chartered with driving the technical direction of the Consortium and supporting the Consortium projects.

In October, the TAC met at the Open Source Summit EU and heard from, and approved, three open source projects to join the Consortium:

  • Software Guard Extensions (SGX) SDK for Linux, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.  
  • Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.  
  • Enarx, a project providing hardware independence for securing and deploying applications using TEEs. 

As we come through the first quarter of 2020: 

  • The TAC has debated at length a definition for confidential computing after a survey of the members and across the industry.  
  • The Outreach Committee has begun educating industry shapers, like analysts, on this definition, and the work of the Consortium projects  
  • The Outreach Committee is developing educational materials for developers and the wider industry 
  • The administration of the Consortium continues to evolve and take shape. The Legal Subcommittee has now met on a number of topics to get a measure of how the Consortium can best meet its members’ legal needs. The Budget subcommittee is working to help the working committees have a better grasp of the money to be spent supporting Consortium projects and building educational collateral. 
  • New members continue to join the Consortium. We’re up to nine premier members, and 13 general members, with several more members filing paperwork as we speak.
  • New projects are in discussions with the TAC to come under the Consortium umbrella. 

The TAC and Outreach Committee are now heads down developing the website, wiki, and GitHub sites to ensure policies and decisions are captured, documented, and public, and to improve our on-ramps and services to open source licensed projects in the confidential computing space. We’re working to create a User Council to engage with sophisticated large-scale users of confidential computing. It is an exciting time. 

Like any open source project, the Consortium is a continuously evolving and growing effort; evolving to meet the needs of the user and growing in the ways that meet these needs. Consortium meetings are open to anyone, and we welcome all– from those who are curious about what confidential computing is to open source projects curious about what the Consortium offers to security researchers on their umpteeth TEE disclosure–there is a seat waiting for you. To find meeting times, join our mailing lists.