The Linux Foundation Projects
Skip to main content
Category

Newsletter

Jul 03

Welcome to the 2025 June Newsletter

By Newsletter No Comments

In today’s issue, learn about:

  1. From the Executive Director
  2. Outreach
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Welcome to our latest newsletter! The June 2025 CCC newsletter spotlights recent events the CCC community has participated in, as well as technical updates on Coconut SVSM and Glossary. Read all the details below!

From the Executive Director (ED)

The second half of June has been a very busy time for Confidential Computing, with three events nearly back-to-back. The first was the Confidential Computing Summit in San Francisco, organized by CCC member Opaque, sponsored by the CCC and attended by many members. I gave a keynote on Aligning Confidential Computing with Use Cases, and there were keynotes and sessions from many very illustrious members of our community. Nelly Porter (Chair of the Governing Board), Dan Middleton (Chair of the Technical Advisory Committee) and I also ran a panel on the CCC, what we’re for and the benefits of engagement. Videos of sessions at the event should be available shortly, and are certainly worth watching to catch up.

The week after, in Denver, the Linux Foundation’s Open Source Summit North America also contained a number of sessions around Confidential Computing, and was followed the day after by a mini-Summit on Confidential Computing, run by the CCC.

These events can only take place with the involvement of our members, and I’d like to thank the individuals and organizations who devote time and resources to making them work. We have more events coming up: for more information, join one of the Outreach Committee’s meetings (or watch them on YouTube!).

Outreach

Confidential Computing Summit Retro

The 2025 Confidential Computing Summit featured an impressive lineup of 93 sessions across two days, bringing together senior leaders from Microsoft, NVIDIA, Meta, Intel, IBM, Google, and renowned academics from Stanford and Berkeley. The agenda included a mix of technical deep dives, thought leadership panels, and hands-on workshops led by teams from LangChain, CrewAI, and Galileo, offering valuable opportunities to explore topics such as agentic AI and secure deployment frameworks.

The Confidential Computing Consortium booth served as a central hub for member companies to showcase their latest projects and engage with attendees on the evolving mission of confidential computing.

A key highlight was the Confidential Computing Consortium session, where leaders such as Mike Bursell, Dan Middleton, and Nelly Porter from the Linux Foundation, Outreach Committee, Technical Advisory Council, and Governing Board came together for a panel discussion. The session offered attendees a unique look into the consortium’s collaborative efforts, major milestones, and cross-industry priorities. It provided a clear roadmap for how the consortium is driving innovation through community engagement, ecosystem alignment, and open development, and how individuals and organizations can get involved.

Confidential Computing Mini Summit Retro

The Confidential Computing Mini Summit at OSS NA 2025 took place on Thursday, June 26, from 1:30 to 5:00 PM in Colorado. The half-day summit brought together experts and practitioners to explore the latest advancements in confidential computing across infrastructure, AI, and distributed systems.

The summit featured a series of in-depth technical talks. Laura Martinez opened the program with “Scaling Trust for Autonomous Intelligence with NVIDIA”, highlighting how NVIDIA is enabling secure, scalable AI through confidential computing. Donghang Lu followed with “Trustless Attestation Verification in Distributed Confidential Computing”, where he introduced innovative methods for establishing trust in decentralized environments without relying on traditional trust anchors. Finally, Julian Stephen presented “Confidential Computing for Scaling Inference Workloads”, outlining techniques to secure and optimize AI inference using confidential computing technologies. The event concluded with a wrap up session led by Mike Bursell, who summarized key takeaways and encouraged continued collaboration across the ecosystem.

Session recordings will be available soon. Please stay tuned on our Confidential Computing Consortium channel at YouTube.

Upcoming Events

From the TAC

This month we had a great update from Coconut SVSM. The project has matured tremendously and has added a governance structure that will help ensure an architecture in balance with the different TEE providers in the community. 

We also revisited the Glossary project that was initiated last year. After some initial work the Glossary was left untended. For now we’ve decided that we should invest more in it rather than shut it down. The project is useful to other organizations outside of the CCC to have plain language, informal explanations of our terminology. This is a great place to contribute if you are looking to get involved.

Recent News

  • Reporting on the Endorsement API Workshop at Linaro Connect 2025: Last month saw the annual gathering of engineers and experts from across the Arm ecosystem for the Linaro Connect 2025 conference, which this year took place in Lisbon. As promised, confidential computing was an important theme at this year’s conference. Read more in our recap blog.

Best regards,

The Confidential Computing Consortium

Let’s grow our community!  Share this with your network.

Jun 03

Welcome to the 2025 May Newsletter

By Newsletter No Comments

In Today’s Issue

  1. From the Executive Director
  2. Outreach: RSAC Retro
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Welcome to our latest newsletter! The May 2025 CCC newsletter spotlights growing momentum in Confidential Computing through key updates from RSA Conference, outreach activities, and technical advancements such as the SPDM Tools project. It also highlights upcoming events, recent cloud announcements from Intel and Azure, and calls on members to share their stories for broader amplification.

From the Executive Director (ED)

Conference season is fully underway, with the CCC getting involved in various ways in RSA Conference NA (see last month’s newsletter), Linaro Connect in Lisbon earlier in May, and the Confidential Computing Summit and Open Source Summit in June.  Our mission is always to spread the news about Confidential Computing, its use cases and how open source is a great fit – but there’s another aim, as well, which is to encourage our members to tell their stories and show their value to the ecosystem.  

If you’re a member of the CCC and are speaking at a conference, promoting a blog post, posting a set of videos or just making a noise about Confidential Computing, we want to hear about it!  The CCC’s social media reach is already wide and currently expanding (attend our Outreach calls to learn more) and the Consortium isn’t about and for itself – it’s about our members.  So tell us what you’re up to, and we’ll work with you to amplify what you’re up to and show that Confidential Computing isn’t just a niche solution, but a well-proven technology already implemented by industry players large and small across the globe.

Outreach

RSAC – Retro

This year’s RSAC Conference drew nearly 44,000 attendees, 730 speakers, 650 exhibitors and 400 members of the media. Overall, RSAC booth theme centered on AI, reflecting the industry’s increasing focus on artificial intelligence-driven security solutions and innovations.

There was increased awareness about confidential Computing compared to previous years. The Confidential Computing Consortium booth received many questions about how to get started with confidential computing, showing growing interest in this technology. 

The Confidential Computing Consortium hosted an expanded presence at this year’s RSA Conference, featuring a booth twice the size of previous years. The enhanced setup provided a great platform to spotlight a wider array of member-led projects and innovations in Confidential Computing. A record number of CCC members participated by showcasing their technologies, sharing use cases, and engaging with the broader security community, including Anjuna, Fortanix, Hushmesh, IBM, Intel, Invary, Linux Foundation, NVIDIA, and TikTok (in alphabetical order). The strong turnout and collaboration indicated the growing momentum behind Confidential Computing technologies. 

The CCC saw encouraging engagement at RSAC this year, with 193 audience members expressing interest in the Consortium and its mission. This interest translated into digital engagement as well, with 55 unique visitors accessing the CCC landing page during the conference. These metrics reflect growing awareness and curiosity around Confidential Computing and the innovative work being led by CCC members across industries.

IMG_0716
IMG_0717

Upcoming Events

From the TAC

This month we highlight the SPDM Tools project. When we want to accelerate AI workloads it’s beneficial to bring a GPU into the security boundary. For that to work securely we have to build a secure channel between the CPU and the GPU. That is the job of Security Protocol and Data Model (SPDM), a DMTF standard. Our CCC project has enabled Intel, Nvidia, Rivos and other companies to work on a joint implementation of this standard. 

In fact, not just this standard but more. One of the “ah ha” moments during Jiewen Yao’s project update this month was from CCC community members who weren’t aware that SPDM Tools also includes implementations of two related protocols, TDISP and IDE. In the near future, the industry will move towards “TEE-IO” which uses SPDM, TDISP, and IDE standards together to shuttle data between the CPU and GPU at speeds near direct memory access (DMA) rates. We had a brief discussion about renaming the project “TEE-IO Tools” to reflect that expanse better. The maintainers, however, pointed out that SPDM can be used on its own to great value in attesting devices independent of TEE-IO. While TEE-IO might be the long term focus for many of us in Confidential Computing, SPDM Tools will still enable use cases in the nearer term and long term that don’t involve the other protocols. 

Finally, if you want to understand what these protocols do and how they work (and you don’t want to read the open source code 🙂 ) you can watch the 2023-06-20 presentation at the Attestation SIG from governing board representative and SPDM Tools maintainer, Samuel Ortiz.

Recent News

  • Intel® TDX is available on IBM Cloud Virtual Servers for VPC.
  • Preview for the next generation of Azure Intel® TDX Confidential VMs:
    • We are excited to announce the preview of Azure’s next generation of Confidential Virtual Machines powered by the 5th Gen Intel® Xeon® processors (code-named Emerald Rapids) with Intel® Trust Domain Extensions (Intel® TDX).  This will help to enable organizations to bring confidential workloads to the cloud without code changes to applications. The supported SKUs include the general-purpose families DCesv6-series and the memory optimized families ECesv6-series.
    • Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, attestable, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing.
    • Please sign up at here.
  • Applied Blockchain Turns 10: An Evening of Insight & Innovation – Live Event
AppliedBlockchain

Subscribe to our newsletter!

Apr 30

Welcome to the 2025 April Newsletter

By Newsletter No Comments

In Today’s Issue

  1. From the Executive Director
  2. Outreach: OC3 Retro and RSAC
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Welcome to our latest newsletter! This month’s newsletter highlights the CCC’s growing presence at major industry events, including an expanded booth at RSAC and strong member engagement at OC3. We also spotlight technical milestones from Gramine and Enarx, new governance resources to support compliance, and a thought-provoking webinar on confidential computing in the cloud.

From the Executive Director (ED)

As you’ll see below, the CCC has a booth at the RSA Conference this month. The conference is probably the biggest security conference in the world, and this is our second year with a booth. This year, we’ve gone out of our way to encourage members to help staff the booth. The costs for individual members for a booth at the Expo are very high, and the opportunity to be on the CCC booth allows members not only the chance to talk to attendees about the CCC, but also to discuss their own products and solutions. I’ve enjoyed staffing the booth alongside our members, and while there are still lots of people coming to see us who don’t know what Confidential Computing is, I’ve been cheered by the percentage of attendees who have got some idea of what the technology provides.  

We’ll be at other upcoming events and will be inviting members to staff booths at those as well: keep a lookout for Outreach announcements – or better yet, join the calls!

Outreach

OC3 – Retro

  • At OC3, Mike Bursell presented “Why Remote Attestation is the Next Business Driver” during the CCC session. He emphasized that while trusted execution environments (TEEs) are transforming how businesses manage and interact with data, Remote Attestation is a critical next step.  Often treated as an add-on, Remote Attestation is essential to fully realizing the value of Confidential Computing. Mike outlined why it matters and shared concrete examples of its significant business impact.
OC3

CCC members were highly engaged at OC3, with many companies showcasing projects spanning Confidential Computing, attestation frameworks, secure data processing, and emerging industry use cases.

In addition to individual project presentations, members also shared updates on collaborative initiatives and cross-industry efforts aimed at driving standards, improving interoperability, and supporting broader adoption.

You can view the full schedule of CCC member presentations and initiatives here.

Watch all OC3 session recordings here.

RSAC – Happening this week

  • The CCC is hosting a booth this week at RSAC, featuring double the space and an enhanced setup to showcase a broader range of member projects and initiatives in Confidential Computing. This year, a notable number of members are presenting their projects and products, including Anjuna, Fortanix, Hushmesh, IBM, Intel, Invary, Linux Foundation, NVIDIA, and TikTok (listed alphabetically). We invite you to stop by the CCC booth to learn more about Confidential Computing and how you can get involved. A sincere thank you to all participating members for their contributions – we look forward to even greater participation in the future.

Upcoming Events

From the TAC

This month we got annual updates from both our longest running project, Enarx, and our most adopted project, Gramine.

Enarx is in its second life. Richard Zak continues to carry the torch and maintain Enarx as companies continue to express interest in the unique TEE-agnostic, WASM-based, workload isolation capabilities Enarx provides.

Gramine won the prestigious ACSAC (Annual Computer Security Applications Conference) Cybersecurity Artifact Award at the end of the year. If you missed our post on that you can read it here.

Gramine has also expanded scope from process isolation with SGX to VM isolation with TDX. Gramine was able to reuse a significant portion of the hardened LibOS to provide a tighter security footprint alternative to general purpose Confidential VMs. You can read more about it in their ACM paper.

This month the Governance, Risk, and Compliance SIG has elevated three Governance Patterns to the TAC for final review. These documents will help compliance officers understand best practices for correct use of Confidential Computing technologies. These are some of the first documents we are creating to help people understand how Confidential Computing helps satisfy compliance requirements.

Recent News

  • CCC Executive Director Mike Bursell appeared on a webinar on April 15th  titled “Public is Private – Confidential Computing in the Cloud” along with Manu Fontaine, founder of Hushmesh. The webinar explored the transformative potential of confidential computing for cloud environments. It’s now available to watch for free on demand here.

Subscribe to our newsletter!

Mar 31

Welcome to the 2025 March Newsletter

By Newsletter No Comments

March’s Issue:

  • From the Executive Director
  • NEW! Outreach: Submit your talks & booth demos! 
  • Upcoming Events
  • From the TAC
  • Recent News

Welcome to our latest newsletter! This month’s newsletter covers opportunities for members to staff CCC conference booths, upcoming CFP deadlines, newly approved SIG on Trustworthy Workload Identity, and recent developments in Confidential Computing, including ManaTEE and container security insights.

From the Executive Director (ED)

As conference season continues, it’s worth a reminder that whenever we (the CCC) have a booth at a conference or exhibition, that’s an opportunity for our members and open source projects to attend and staff that booth.  Usually, we get several free passes for booth staff, which means that all you need to do is volunteer (via the Outreach group) and turn up!  You’re welcome to bring your own swag and marketing materials, and while the main branding and messaging focus is, of course, on the CCC, we believe that one of the great benefits of membership is being able to promote not just the consortium, but also your own company or project’s work.  Upcoming events where we’ll have a booth include the RSA Conference and Confidential Computing Summit, so if you’re interested, please get in touch.

Outreach

The deadline is just around the corner! The Confidential Computing Consortium is excited to be sponsoring several upcoming events. As a valued member, you have the opportunity to share your ideas through CCC sponsored speaker sessions. We’re currently accepting submissions for speaker sessions and booth presentations. Whether you have a story to share, a project to demo, or an idea to inspire others, we encourage you to submit a proposal. Don’t miss out and check out the list of opportunities below!

Upcoming Events

From the TAC

Last month we talked about emerging interest across the Consortium to advance Trustworthy Workload Identity. In a nutshell, Confidential Computing can provide cryptographic evidence about the integrity and identity of a workload. However there are ease of use gaps in our common tooling and gaps in the ecosystem’s recognition of these capabilities.

I’m happy to say that a charter quickly came together and that across the TAC there was clear agreement and possibly more importantly commitment to contribute to the goals of the charter. We voted to approve TWI as the newest SIG. You can find the charter here.

We are still standing up some infrastructure for it including a mailing list. Meanwhile you can always check the CCC calendar to find where and when meetings are taking place. For now TWI contributors will meet Tuesdays. View the calendar here.

Recent News

  • At FOSDEM 2025, Dayeol Lee introduced ManaTEE, an open source framework enabling secure, privacy-preserving data analytics. By leveraging Privacy-Enhancing Techniques (PETs) and Trusted Execution Environments (TEEs), ManaTEE empowers researchers to analyze sensitive data with confidence. Now part of the Confidential Computing Consortium, ManaTEE is shaping the future of secure data collaboration. Read the blog to learn more about the framework, its use cases, and how you can contribute:
  • Does Confidential Computing work with containers? The short answer: Yes. But the real question is how it works and what level of security isolation fits your needs. In this blog, Dan Middleton breaks down different interpretations of “containers” and explores four key isolation patterns for protecting containerized applications with Confidential Computing. Read the blog.

Subscribe to our newsletter!

Mar 03

Welcome to the 2025 February Newsletter

By Newsletter No Comments

February’s Issue:

  • From the Executive Director
  • NEW! Outreach: Job Board Page Now Live!
  • Upcoming Events
  • From the TAC: Trustworthy Workload Identity
  • Recent News

Hello Community Member, welcome to our latest newsletter, where we share some highlights from my February travels across Europe and exciting updates in Confidential Computing.

From the Executive Director (ED)

February has been Europe-heavy for me, which  makes a change (and works for me as I’m based in the UK).  There were three different conferences – FOSDEM in Brussels, State of Open Con in London and the AI Security Summit in Paris.  FOSDEM was (as usual!) packed and chaotic, but with devrooms for Confidential Computing and Attestation both busy, and an extra pre-summit meeting around Attestation (there were just too many talks submitted to have them all in the official conference), the amount of interest at the developer level is clearly really picking up.

At State of Open Con, I presented at pun-heavy 15 minute session on PII (Personally Identifiable Information) and also appeared on a panel around Open Source Security, excellently moderated by Divya Mohan.  Sal Kimmich, our out-going Technical Community Arcthitect, presented a session on Secure Isolation and Trust Boundaries: A Crash Course for Engineers.  State of Open Con is now in its third year, and continues to be one of the best open source conferences of the year.

The AI Security Summit was held the day before the huge international AI summit in Paris, and was notable for me in that the number of people who had actually heard of Confidential Computing was much higher than I’m used to.  I gave an introduction to remote attestation and why it’s so important, and found myself able to dive deeper into the technical side than I’m used to: with FOSDEM and this, it really feels like the message is getting out there.

The last thing I’d like to do is mention a new Premier member to the CCC: Shielded Technologies joined us this month. We look forward to working with them and the various General and Associate members who have also recently joined.

Outreach: Job Board Page Now Live! 

We’re thrilled to announce that the CCC Job Board is now live! It features exciting career opportunities for professionals passionate about advancing secure computing technologies, with roles in research, development, and the implementation of cutting-edge confidential computing solutions. 

Check out the available positions and add your job postings to the board and connect with top talent! Visit the Job Board

Upcoming Events: 

From the TAC: Trustworthy Workload Identity 

The ability to identify a workload across the internet with cryptographic certainty is one of the key capabilities of Confidential Computing. However, much of the ecosystem still relies on less secure mechanisms, such as using filenames or other easily spoofable features, to identify code. Identifying workloads with Confidential Computing techniques offers significant benefits, but we still face ease-of-use challenges. A new community effort is emerging to improve both industry standards for Workload Identity and its ease of use. Like our other open source initiatives, these meetings and documents are publicly accessible. If you’d like to get involved, you can find the latest updates on meetings and discussions on the TAC mailing list.

Recent News

  • OC3 2025 Registrations are Open: The Open Confidential Computing Conference registrations are free and already open! Join us on March 27th, either online or on-site in Berlin, to learn all about the latest developments in confidential computing by thought leaders at Microsoft, Arm, NVIDIA and more!
    OC3
  • Intel Announces TEE-IO Support in Latest Xeon 6 Processors: On February 24, Intel launched the latest processors in the Intel Xeon 6 family and announced support for Trusted Execution Environment-IO (TEE-IO).  The Intel Xeon 6 processors with P-cores (formerly code-named “Granite Rapids”) include hardware support for Intel TDX Connect, Intel’s implementation of TEE-IO.  Intel TDX Connect will enhance the performance and flexibility of Confidential Computing use cases that include confidential operations on both the CPU and a PCIe-connected device such as GPU-accelerated confidential AI. Solutions based on Intel TDX Connect will require a capable CPU, an enabled host OS/hypervisor, and a TEE-IO capable device.  Intel is engaged throughout the ecosystem to accelerate enablement of complete solutions.

Image source: https://www.businesswire.com/news/home/20250224348229/en/

Subscribe to our newsletter!

Mar 03

🎉 Happy New Year! Welcome to the 2025 January Newsletter

By Newsletter No Comments

January’s Issue:

  • From the TAC:  Path Forward for Confidential Computing in 2025
  • Welcome 2025 Leadership
  • NEW! Confidential Computing Messaging Guide
  • Confidential Computing Summit Call for Papers
  • Recent News

From the TAC

Confidential Computing in 2024: Growth, Security, and Collaboration Pave the Way for an Exciting 2025

In 2024 We did a great job working together on the TAC to make the world more secure with Confidential Computing, than any of us could have done as individuals or individual companies.

As an open source organization, seeing our projects grow is nearest and dearest to our hearts. Long standing projects like Gramine advanced with more and more adoption.

We grew our portfolio by 60% with new projects contributed by Intel, Samsung, Suse, and TikTok. These new projects span:

  • Fundamental support for AI Accelerators to directly enable AI Cleanroom Capabilities. 
  • As 2025 kicks off we already have a new project in the pipeline. Stay tuned for some news coming up real soon on that.

Our projects, already security focused, improved their security posture adopting best practices from the Open Source Security Foundation. All CCC projects have completed or initiated the OpenSSF Best Practice BadgeIn 2025, we’ll help our projects get even more robust as we assess how Scorecards can identify additional improvements.  

Special Interest Groups

We revamped our mentorship program, welcoming a new cohort of mentees who are actively contributing to CCC projects and gaining security expertise—thanks to our dedicated maintainers who generously mentor them.

Our Special Interest Groups (SIGs) made great strides:

  • The Kernel SIG is accelerating Confidential Computing feature upstreaming in the Linux Kernel.
  • The Attestation SIG fosters collaboration on attestation data standards and protocols, with impactful developments expected in 2025.
  • The Governance, Risk, and Compliance (GRC) SIG is driving awareness of critical concepts like Workload Identity, which the TAC will explore further this year.

Curious about Workload Identity? Come join us at a TAC or GRC SIG meeting or follow the discussion on our mailing lists.

Welcome to Our 2025 CCC Leaders

We’re excited to kick off 2025 by introducing our new leadership team:

Governing Board

Chair: Nelly Porter (Google)

Vice-Chair: Emily Fox (Red Hat)

TAC

Chair: Dan Middleton (Intel)

Vice-Chair Yash Mankad (Red Hat)

Outreach Committee

Chair: Rachel Wan (IBM)

Vice-Chair: Mike Ferron-Jones (Intel)

CCC Outreach

Driving Adoption and Engagement: Reflecting on 2024 and the Path Forward for Confidential Computing in 2025

Looking back at 2024, the Outreach Committee launched brand repositioning efforts, completed the Confidential Computing Messaging Guide, and shifted the focus from “What is Confidential Computing” to “Why Confidential Computing Matters.” The committee also proposed creative agency work, updates to the CCC website, and refinements to the logo and mascot. Additionally, we engaged IDC for a market analysis white paper to update market data and expand Confidential Computing coverage. We participated in key industry events, including FOSDEM, OC3, RSAC, CC Summit, and OSFF.

For 2025, our strategy focuses on enhancing CCC’s presence through creative agency work, market analysis, community outreach, events, and educational resources. These initiatives aim to strengthen our mission while increasing engagement and visibility across industries.

We invite the community to contribute by submitting use cases, sharing insights, and participating in upcoming events. Your involvement is vital to shaping the future of Confidential Computing and driving collective progress.

The Confidential Computing Summit Returns for Year 3!

Mark your calendar for June 17-18 in San Francisco as the Confidential Computing Consortium collaborates with Opaque Systems for the third annual Confidential Computing Summit.

Bringing together the brightest minds in confidential computing, secure AI, and privacy-preserving technologies, the Summit will explore the transformative potential of generative AI across industries like finance, healthcare, and manufacturing while learning how to keep sensitive data secure.

Snag the Early Bird rate now and watch last year’s inspiring keynotes.

Call for Speakers: Deadline February 17

Have a real-world use case or breakthrough to share? Submit your session proposal and join the conversation shaping the future of confidential computing and trustworthy AI. Submit here.

Recent News

Subscribe to our newsletter

Jan 06

Happy Holidays!🎄 Welcome to the 2024 December Newsletter

By Newsletter No Comments

December’s Issue:

  1. Adieu, 2024. Outreach Year In Review Quick Snapshot
  2. Executive Director Year In Review
  3. TAC Year In Review
  4. CCC Mentorships are Open!
  5. Community News

Welcome to the December edition of our newsletter – your guide to awesome happenings in our CCC community. We’re excited to continue to connect with you and help drive innovation. Let’s go!

CCC Presence in 2024 & Looking Ahead

The CCC has grown tremendously with lots of activities this year. Thanks to all the CCC community members for their participation and collaboration. We could not do what we do without our members’ involvement. 

The CCC showed up at more than 20 events this year, delivering talks, demos, and networking opportunities. We’ve also published more than 47 blogs, white papers, and tech talk/webinars hosted on our platform. One of the biggest publications was The Case for Confidential Computing white paper. Our social media interaction has increased more than 93%, making an impressive milestone for our community.

Awesome job this year!

In the new year, we have many more activities forming up. Our focus is to double down on impactful engagement with a more targeted approach. Our events will be reduced in quantity but more targeted to industry verticals, driving meaningful engagement. We’re working on engaging with analysts for a white paper to assess the Confidential Computing market, and a refreshed branding and messaging guide will be introduced as we kick off the new year. Our Outreach Meetings are open to all, if you’re curious about our engagement or want to get involved, feel free to join us!

Executive Director Update

November was a busy month for the CCC and we’ve managed a number of important tasks.  The first is approval of a budget for 2025 and the second is the election of new chairs and vice chairs to our various committees.

I’m delighted to welcome:

  • Governing Board
    • Chair: Nelly Porter (Google)
    • Vice-chair: Emily Fox (Red Hat)
    • General member representatives: Manu Fontaine (Hushmesh), Samuel Ortiz (Rivos Inc.), Mark Medum Bundgaard (Partisia)
  • TAC
    • Chair: Dan Middleton (Intel)
    • Co-Chair: Yash Mankad (Red Hat)
  • Outreach
    • Chair: Rachel Wan (IBM)
    • Vice-chair: Mike Ferron-Jones (Intel)

Thank you to everyone who participated in the elections both as candidates and voters.

We also attended, spoken, and exhibited at KubeCon NA.  It was great to see a growing number of sessions involving Confidential Computing at the conference and also to welcome representatives from various members to staff, share resources, and speak at our booth.  The ability to make use of CCC booths at conferences we’re attending is one of the great benefits of membership in the consortium, particularly for smaller companies and we always welcome representation.

Though things are calming down as December proceeds, there are still activities ongoing.  One of note is a Linux Foundation workshop in Brussels around the new European Union Cyber Resilience Act (CRA).  This is likely to have an impact on members, the CCC, and its projects, and I will be attending to find out more and ensure that we have as much information and input as possible.  Having read the (81-page!) report on the day it was released, I’m planning to produce a summary for members that will help provide a shorter and more readable description of the possible actions we and our members should take as this legislation moves into its implementation phase.

TAC Year In Review

We have for the last couple years organized our work around Projects, Ecosystem, and Community.

Community
Yash Mankad gave us an update on our mentorship program. A big shoutout to Sal for their hard work in facilitating these efforts! Yash also mentioned that for 2025, we aim to expand this program to help keep our project repositories up-to-date.

Fritz Alder gave us a rundown of the Tech Talks coordinated in 2024. The pipeline for 2025 is already growing, and Fritz is committed to organizing more talks, with a focus on academic contributions.

Ecosystem
Alec Fernandez provided insights into our ecosystem work. As security practitioners, we’ve been focusing on security and privacy compliance, standards, and research. One notable improvement is the addition of “data in use” to the Cloud Controls Matrix. 

Mark Novak has led the drafting of a collection of compliance guidelines that we plan to get out early in 2025 as one of our first sets of accomplishments.

Projects
Catherine Zhang updated us on the Linux Kernel SIG’s efforts to facilitate upstreaming CC features into the Linux Kernel. 

Mingshen Sun shared valuable lessons learned from the ManaTEE project. These insights will be instrumental in supporting future projects, particularly in areas like mentorship, hardware, and cloud credits.

We’d also like to celebrate significant progress in OpenSSF compliance across our projects, with COCONUT-SVSM achieving an exceptional 107% compliance score and earning the OpenSSF Passing Badge, SPDM-RS advancing to 97% compliance and nearing badge status, and the Certifier Framework reaching 84% compliance. As we look to 2025, our focus is on increasing compliance across all projects to 90% or higher and standardizing OpenSSF compliance into the onboarding process for new projects, ensuring a consistent commitment to security and excellence.

Mentorship Opportunities Now Open!

NEW! Several CCC projects are now accepting mentorship applications. These mentorships provide hands-on experience in key areas of confidential computing, perfect for developers eager to enhance their skills while contributing to meaningful open source projects.

These mentorships offer an excellent opportunity to develop expertise in confidential computing while contributing to industry-leading projects. We encourage interested participants to apply and join us in shaping the future of confidential computing! Please share these opportunities with your network!

Community News

·        Podcast: TEEs and Confidential Computing: Paving the Way for Onchain AI

·        ACSAC 2024 Cybersecurity Artifact Award: “Rapid Deployment of Confidential Cloud Applications with Gramine”

·        Using trusted execution environments for advertising use cases

Subscribe to our newsletter

Oct 30

October Newsletter

By Newsletter No Comments

October Recap: Highlights include KubeCon + CloudNativeCon NA, new CCC project tech talks, and top community blog posts.

In this month’s issue:

  1. Executive Director October Recap
  2. KubeCon & CloudNativeCon NA
  3. Tech Talks + New CCC Project
  4. Community Blog Highlights

Executive Director Update

October/November is voting time at the Confidential Computing Consortium, and so if you are a member of the consortium, we welcome your application to stand as chair or vice chair of any of our three committees: Governing Board, Technical Advisory Committee, and Outreach Committee.  It is with sadness that we say goodbye to Ron Perez, who has served as Chair of the Governing Board with great wisdom and patience, providing his experience to all and sundry.  We wish him well and thank him for his work with the Consortium: I personally have benefited immensely from his counsel and advice during his tenure.

The CCC also appeared at OSS Japan again this year.  Mark Medum Bundgaard of Partisia and I hosted a Birds of a Feather session on Privacy-Enhancing Technologies (PETs) and presented a session on Confidential Computing for AI, Multi-Party Collaboration and Web3: as always, I’m very happy to share my slides and discuss with anybody with an interest.  Next month a number of members will be in Salt Lake City for Kubecon North America – if you can make it, we’d love to see you there.

Meet Us at KubeCon NA

Come Join Us For Some Fun!!

Stop by the CCC Booth (Q25) for various activities throughout the event.

We have prepared;

  • Privacy Jeopardy during KubeCrawl
  • CC Scavenger Hunt
  • Mini Sessions
  • Demos
  • Fun Swags

You can use our 20% discount code to register: KCNA24TYKAN20

Can’t wait to see you there!!

Register Here

Tech Talks

Our Tech Talk series continued strong with a presentation from Caroline Perez-Vargas on Microsoft’s new OpenHCL project. Since Caroline’s talk the project has been made available on GitHub with an open source license. There’s a natural next step for this project but I just can’t put my finger on it. 😉   Oh well, we’ll just have to see what they have in mind to expand the contributor base with Confidential Computing subject matter experts.

We also heard from Chanda Nelogal on Extending Confidentiality to Data Storage. Chandra introduced us to intersections with Confidential Computing and Self Encrypting Drives. As we see Confidential Computing capable devices enter the market, some of us have focused on accelerators, but storage devices are an interesting and important category. We look forward to Chandra returning to take the conversation further.

TAC Tech Talk playlist 

CCC Welcomes New Open Source Project

We are excited to announce the addition of a new project to the Confidential Computing Consortium (CCC) portfolio: ManaTEE. This innovative platform creates secure data clean rooms, enabling privacy-compliant collaboration for industries like healthcare and finance. ManaTEE supports tools such as Jupyter Notebooks, providing a flexible environment for secure multi-party research and analysis.

Learn about ManaTEE Here

Let’s grow our community!
Share this with your network.
Oct 02

September Newsletter: CC Mini Summit Recordings, Tech Talks, Secure AI Pipelines, and more

By Newsletter No Comments

Hello Community!

Welcome to the 2024 September Newsletter

In Today’s Issue:

  1. Executive Director September Recap
  2. Recordings from the CC Mini Summit @ OSSEU
  3. TAC Tech Talks & Upcoming Discussions
  4. Community Blog Highlights

Welcome to the September edition of our newsletter – your guide to awesome happenings in our CCC community. Let’s go!

Executive Director Update

September saw us holding a Confidential Computing Mini-Summit, co-located with Open Source Summit Europe in Vienna.  Despite torrential rain and major flooding in the preceding days, all of the speakers and panel members made it and we had an interesting – and sometimes spirited! – set of discussions.  I particularly enjoyed moderating a panel on attestation – see below for more on that topic.  The slide decks from the speakers as well as the video recordings at the Mini-Summit will be available for you to watch.

I also popped over to Dublin for the Eyes Off Data Summit, where I appeared as a panel member in a session about the opportunities and challenges of Confidential Computing.

The main thing that I’m seeing at the moment in the community is a realization that while there’s still a lot of work to be done educating the wider world on the basics of Confidential Computing and TEEs, the really interesting work and the really exciting business opportunities are likely to revolve around attestation.  This is reflected in the conversations we’re having at conferences and the work that we’re doing in the CCC.  There are two main streams of work: the technical, where we’re looking at definitions, protocols and related areas; and business questions such as “who should run an attestation verification service?” and “what sorts of policies should we expect an attestation verification service to enforce?”.  Spanning these streams is the work by the Governance, Risk and Compliance (GRC) SIG, which also considers issues around regulation.

If any of this sounds interesting to you, or you’d like to be involved in any way in the work of the CCC, we’d love to hear from you.

Get in touch

CC Mini Summit Recordings & Slides

On Demand Content is Available NOW!

Enjoy the recordings from the Confidential Computing Mini Summit at OSS EU.

Watch the Recording

TAC Update

This month we had three really deep tech talks. A couple are more on the advanced end of the spectrum but don’t let that scare you away from checking them out. They were all presented in really accessible formats. You’ll see the TAC Tech Talks playlist alongside our other playlists on the CCC YouTube channel:

TAC Tech Talk playlist 

Heading into October we’re in our final quarter to complete the goals we set for ourselves for the year. One of the big topics is getting Confidential Computing Features upstreamed into the Linux Kernel. The primary maintainers conference (The Linux Plumbers Conference) just concluded in late September so we’ll be getting some feedback from that in the TAC in October.

We’re also looking at starting some new work related to attestation verification. Feedback from another exercise showed us that there’s still areas that need a common definition. Among them, being able to identify entities that are in and out of the Trusted Computing Base (TCB), also informally called the trust boundary. Entities like CSPs are pretty big and we want to be more granular to more accurately reflect who is and isn’t trusted for a given deployment – or at least what sort of questions an adopter should think through.

Community Blog Highlights

Aug 29

August Newsletter

By Newsletter No Comments

In Today’s Issue:

  1. Executive Director August Recap
  2. Agenda Released! CC Mini Summit @ OSSEU
  3. Post-Quantum Cryptography
  4. Web3 Use Case
  5. Community Blog Highlights

Welcome to the August edition of our newsletter – your guide to awesome happenings in our CCC community. Let’s go!

Executive Director August recap

While it’s holiday season in much of the Northern Hemisphere, the CCC’s work continues (uninterrupted even by the Olympics and Paralympics!), and as we’ve grown over the past few years, we’ve made the decision to continue Governing Board meetings throughout the year, instead of breaking for the (Northern) summer period.  The Governing Board manages the strategic and policy directions of the CCC, including budgetary decisions and the acceptance of new open-source projects into the Consortium.  Attendance is open to officers of the Consortium, Premier Member representatives, and the elected Governing Board representatives of the General Members.  Representatives from other committees typically attend and present the status of work in their respective areas and sometimes the Governing Board requests reports from other groups.

While keeping within the governance structure of the Consortium, we try to maintain a “minimal viable governance” approach.  Post-Covid (and changing travel budget constraints for many organizations), opportunities to meet in person have been reduced, so we are considering a face-to-face meeting (supplemented by video conferencing) at the Linux Foundation Member Summit in November: please let us know if you’re going to be there (even if you’re not a Premier member!).

One of the areas that the Governing Board has been keen to promote work on this year has been lowering barriers to the adoption of Confidential Computing.  One of these is the availability of Attestation Verification Services, which allow consumers of Confidential Computing services to gain the cryptographic assurances about the workloads they need.  Attestation is a core part of Confidential Computing, and the word “attested” was deliberately added to the CCC’s definition of Confidential Computing to reflect that:
“Confidential Computing is the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

The CCC has recently kicked off a piece of work to encourage discussion of business models around Attestation Verification Services and to help those considering providing or consuming them.  An initial discussion document has generated a great deal of input and the plan is to start a working group with online meetings later in August.  If you are interested in participating, please get in touch.

CC Mini Summit Agenda Announced!

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria

  • 📢 Mini Summit Agenda
  • ⏰ Time: 13:30 – 17:00
  • 📍 Room 0.14 (level 0) – see floor plan here
  • 🎫 Mini Summit Registration Fee: $10
  • 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
    (*Note: Registration for the main conference is required to attend the Mini Summit.)
  • Register Here

Post-Quantum Cryptography

Over the last few weeks at TAC meetings, we’ve been discussing the new evolution of cryptography called Post-Quantum Cryptography or PQC. As full-scale quantum computers become more and more likely, cryptographers have had to invent new algorithms that will remain secure against adversaries with new capabilities. In Confidential Computing, we rely on cryptography in a number of ways to protect workloads in use. As a trusted execution environment (TEE) starts we use cryptographic hash algorithms to fingerprint each component.

Later we use cryptographic signatures when the hardware attests to those measurements. While the workload is running the memory is protected with encryption and in some cases integrity provisions. Some of these algorithms are more impacted by quantum computing than others. Hardware vendors will need to update their algorithms. Software vendors may want to shield downstream adopters by carefully designing their APIs. If you are interested to learn more keep your eyes open for an upcoming blog on our Post Quantum Cryptography discussions or watch our Tech Talk.

TAC Tech Talk playlist 

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria

  • 📢 Mini Summit Agenda
  • ⏰ Time: 13:30 – 17:00
  • 📍 Room 0.14 (level 0) – see floor plan here
  • 🎫 Mini Summit Registration Fee: $10
  • 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
    (*Note: Registration for the main conference is required to attend the Mini Summit.)
  • Register Here

Web3 Use Case

Enabling Verifiable, User-Owned and Tradable AI Agents in Games – with Veriplay, Polygon, Immutable and Super Protocol

True Web3 Games, with their potential for rich gaming experiences, advanced AI agents, and genuine digital asset ownership, can only reach their full potential through the implementation of Confidential Computing in a truly decentralized manner. The Confidential Computing Consortium, alongside its member Super Protocol, is at the forefront of this revolution, demonstrating how these technologies can unlock new business opportunities.

Read the Full Use Case

Community Blog Highlights