
#ConfidentialComputing #CybersecurityEvolution #TechJourney

Welcome to the July 2025 Newsletter


In Today’s Issue

  1. From the Executive Director
  2. Outreach
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Hello Community Member,

This month’s update features progress across our technical community, including updates from the TAC and Outreach Committees, new project proposals, upcoming event plans for the fall, and exciting member news. From standards engagement to real-world demo planning, the CCC continues to build momentum across the ecosystem. Read on for the latest news!

From the Executive Director (ED)

As the summer hits in the Northern Hemisphere, things sometimes slow down, but although there are no major conferences for a month or so at which the CCC is appearing, committee and SIG meetings are continuing apace. Of particular note is the Outreach Committee's task force to evaluate the effectiveness and value for money of the various activities in which we engage. A number of TAC SIG members have been working with standards bodies to ensure that Confidential Computing is appropriately represented in their outputs and also to work on various protocols that include Confidential Computing primitives. We always welcome involvement in our various committees and SIGs – and you don't need to be a member to contribute, so please come along.

It’s also worth noting that almost all of our meetings are recorded and made available on the Confidential Computing Consortium’s YouTube channel, allowing you to catch up on any topics you’ve missed.  There are Slack channels and mailing lists for asynchronous communication as well: visit the Committees page on the website for more information.

Finally, we have a number of new members expected to join us in the next few weeks, so keep an eye out for news around that!

Outreach

The Outreach Committee carried the Confidential Computing message to the market across a range of channels. Website, blog, and social metrics were all up over the quarter. We also came away from CC Summit and OSS North America with a good archive of talks from many members available for promotion. We are gearing up for two major in-person events in Q4'25: AI Infrastructure Summit (Silicon Valley) in September, and a bespoke customer workshop in San Francisco in October. For the AI Infrastructure Summit, we have a full slate of activities including online workshops, panel discussions, sessions, podcast appearances, and the CCC booth. The October event will be a one-day workshop featuring speakers, demos, and customer success stories. Thanks to all the members contributing their efforts to these events.

Outreach is also in the midst of a strategy reassessment.  We are looking at our objectives and tactics and plan to report out to the Governing Board soon with recommendations we believe will drive more awareness, engagement, and adoption of Confidential Computing.

Upcoming Events

From the TAC

The Open Enclave (OE) SDK project recently completed its 2025 annual review, highlighting its continued role as one of the most mature and widely adopted projects within the Confidential Computing Consortium. Designed to support hardware-backed Trusted Execution Environments, OE remains central to production deployments, particularly in Intel SGX-based systems, offering a stable, well-maintained foundation for building secure enclave applications. The project's ongoing contributions, robust documentation, and ecosystem integration make it a critical pillar of the CCC's technical landscape. Its long-standing reliability continues to benefit both new developers and organizations building trusted workloads at scale.

In addition, the TAC is currently reviewing a proposal for a new project: dstack, an open-source confidential AI orchestration framework. Designed for secure deployment of AI workloads in TEEs, dstack represents a promising direction for expanding the Consortium’s footprint into privacy-preserving machine learning. The proposal is available on the TAC mailing list for community review, and a resolution is expected next month. We encourage members to explore the project and share feedback as part of our open, collaborative governance process.


Recent News

  • Missed the Confidential Computing Consortium Mini Summit at OSSNA 2025? The full session recordings are now live on the CCC YouTube channel! From ecosystem updates to deep dives into real-world applications, catch talks from leaders at NVIDIA, Microsoft, and more. Catch up now.
  • Confidential Computing underpins the “Mesh”, a secure-by-design alternative to the web. CCC member Hushmesh—a 2024 NATO DIANA startup (DIANA being NATO’s Defence Innovation Accelerator for the North Atlantic)—has been selected for NATO’s Rapid Adoption Action Plan, ratified at the 2025 NATO Summit in The Hague. In collaboration with NATO DIANA, the NATO Communications and Information Agency (NCIA), and NATO HQ, Hushmesh will begin pilots of its Confidential Computing-based technologies: Universal Zero Trust, Entity-Centric Information Security, and “Meshaging.” This selection highlights the strategic relevance of Hushmesh’s “Mesh” infrastructure for defense and alliance-wide trustworthy collaboration.
    At the core of Hushmesh's approach is Confidential Computing, which ensures that information remains protected not only at rest and in transit, but also in use, secured within hardware-based Trusted Execution Environments (TEEs). This secure-by-design foundation underpins the Mesh: a next-generation global information infrastructure that automates end-to-end information provenance, integrity, authenticity, confidentiality, privacy, and zero trust at the computing process and chip levels. It represents a fundamental shift from legacy IT-centric and domain-centric web paradigms, addressing foundational vulnerabilities in today's computing approaches. Built on Confidential Computing, the Mesh offers a path to universal cybersecurity and cross-domain trust to meet the secure collaboration needs of NATO and other large-scale organizations operating across national and corporate boundaries.
  • Are open source attestation tools speaking the same language? In Harsh Vardhan Mahawar’s LFX mentorship with the CCC, he tackled this challenge – mapping Keylime, Veraison & JANE to the IETF’s RATS model, implementing the CMW wrapper, and introducing python-ear for EAT attestation results. Read the blog.
  • What is Confidential Computing—and why does it matter? Watch the interview with Mike Bursell, Executive Director of the Confidential Computing Consortium, as he breaks down the fundamentals of confidential computing, attestation, and their growing importance in today’s security landscape.

We’re excited to welcome Tinfoil as the newest start-up member of the Confidential Computing Consortium. Tinfoil is an open source platform delivering cryptographically verifiable privacy for AI workloads—ensuring user data remains protected, even from the cloud provider. Learn more about their work and how they plan to contribute to the CCC community.

Best regards,

The Confidential Computing Consortium

Let’s grow our community!  Share this with your network.

Harmonizing Open-Source Remote Attestation: My LFX Mentorship Journey


By Harsh Vardhan Mahawar

This blog post encapsulates my experience and contributions during the Linux Foundation Mentorship Program under the Confidential Computing Consortium. The core objective of this mentorship was to advance the standardization of remote attestation procedures, a critical facet of establishing trust in dynamic and distributed computing environments. Through focusing on the IETF’s Remote Attestation Procedures (RATS) architecture, we aimed to enhance interoperability and streamline the integration of various open-source verifier projects like Keylime, JANE, and Veraison.

Motivation: Why Standardization Matters

Open-source remote attestation tools often develop independently, resulting in inconsistencies in how they format and exchange attestation data. This fragmentation poses a challenge for interoperability across verifiers, relying parties, and attesters.

My mentorship focused on aligning these implementations with two crucial IETF drafts:

  • the RATS Conceptual Messages Wrapper (CMW), for encoding attestation evidence; and
  • the EAT Attestation Results (EAR) format (draft-fv-rats-ear), for reporting attestation results.

The goal was to standardize both evidence encoding and attestation result reporting, facilitating smoother integration between systems.

Laying the Foundation: Mapping to the RATS Architecture

Before diving into implementation, a fundamental understanding of the RATS architecture and its alignment with existing solutions was paramount. The RATS Working Group defines a standardized framework for remote attestation, enabling a Relying Party to determine the trustworthiness of an Attester based on evidence produced by such an Attester.

Our initial phase involved a detailed mapping of prominent open-source remote attestation tools—Keylime, JANE, and Veraison—against the RATS architectural model. This exercise was not merely theoretical; it was an actionable analysis driven by key principles:

  • Granularity: Pinpointing specific components and their RATS functions, rather than broad role assignments.
  • Data Flow: Analyzing the journey of evidence, endorsements, and attestation results to align with RATS conveyance models.
  • Standardization Focus: Identifying areas where these projects could adopt RATS-recommended standards.
  • Actionable Insights: Providing clear directions for modifications to enhance RATS compliance.

This foundational work was crucial because it provided a clear roadmap, highlighting where standardization gaps existed and how our contributions could most effectively bridge them, fostering a more unified confidential computing ecosystem.

1. Keylime

Keylime is a comprehensive remote attestation solution for Linux systems, focusing on TPM-based attestation. It ensures cloud infrastructure trustworthiness by continuously collecting and verifying evidence.

2. JANE

Jane Attestation Engine (JANE), a fork and major rewrite of the former A10 Nokia Attestation Engine (NAE), is an experimental remote attestation framework designed to be technology-agnostic.

3. Veraison

Veraison is an attestation verification project under the Confidential Computing Consortium. It focuses on providing a flexible and extensible Verifier component for remote attestation, supporting multiple attestation token formats and providing APIs for evidence verification and endorsement provisioning.

Standardizing Evidence: The Conceptual Messages Wrapper (CMW)

A significant challenge in remote attestation is the diversity of evidence formats produced by different attestation technologies. This heterogeneity necessitates complex parsing and integration logic on the Relying Party's side. The Conceptual Messages Wrapper (CMW), as defined by the IETF RATS working group, offers a solution by providing a standardized collection data structure for attestation evidence.

My work involved implementing CMW within Keylime. The goal was to transition Keylime’s custom KeylimeQuote evidence format to the standardized CMW format, specifically targeting a new API version vX.X (version to be finalized). This involved:

  • Encapsulation: Wrapping disparate evidence components—such as TPM TPMS_ATTEST structures, TPMT_SIGNATURE values, PCRs, IMA measurement lists, measured boot logs, and Keylime-specific metadata (e.g., public key, boot time)—into a unified CMW structure.
  • Serialization: Ensuring proper base64url encoding and adhering to a defined JSON schema for the wrapped evidence.
  • Canonical Event Log (CEL) Integration: A crucial part was integrating the Canonical Event Log (CEL) format (from the Trusted Computing Group) for IMA and measured boot logs, further enhancing interoperability. This required careful parsing of raw log data and constructing CEL-compliant entries.
  • API Versioning: Implementing logic within the Keylime agent to serve CMW-formatted evidence for vX.X (version to be finalized) requests, while retaining support for legacy formats.

The motivation behind adopting CMW is clear: it significantly streamlines the implementation process for developers, allowing Relying Parties to remain agnostic to specific attestation technologies. This approach fosters extensibility, enabling easier support for new conceptual messages and attestation technologies without altering the core processing logic.
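To make the encapsulation and serialization steps above concrete, here is an added example of a minimal CMW-style wrapper and parser in Python. It is not Keylime's code and not the reference implementation of the CMW draft: the JSON layout is modelled on the draft's JSON array form, [media-type, base64url-value], collected under a JSON object with a `__cmwc_t` collection-type member; the member names, the `application/vnd.example.*` media types, the collection-type tag and the evidence bytes are all constructed for this example and should be checked against the current draft and Keylime's actual API.

```python
"""Wrap several attestation-evidence components into one CMW-style collection.

Added example, not Keylime's or the CMW draft's code. Record layout is
modelled on the draft's JSON array form [media-type, base64url(value)];
the collection is a JSON object whose "__cmwc_t" member names the
collection type. Member names, media types and evidence bytes are
constructed placeholders.
"""
import base64
import json

# Assumed collection-type member name, modelled on the draft's "__cmwc_t".
COLLECTION_TYPE_KEY = "__cmwc_t"


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, which is what the JSON form carries."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cmw_record(media_type: str, value: bytes) -> list:
    """One CMW record in JSON array form: [media type, base64url(value)]."""
    if not media_type or "/" not in media_type:
        raise ValueError(f"not a media type: {media_type!r}")
    return [media_type, b64url_encode(value)]


def wrap_evidence(collection_type: str, parts: dict) -> str:
    """Build a CMW collection document from named (media_type, bytes) parts."""
    collection = {COLLECTION_TYPE_KEY: collection_type}
    for name, (media_type, value) in parts.items():
        if name == COLLECTION_TYPE_KEY:
            raise ValueError("member name collides with the collection-type key")
        collection[name] = cmw_record(media_type, value)
    return json.dumps(collection, separators=(",", ":"))


def unwrap_evidence(document: str) -> dict:
    """Parse a CMW collection on the verifier side; returns {name: (media_type, bytes)}.

    The Relying Party only needs this generic structure check; what each
    member means is decided later by its media type, not by custom parsing.
    """
    collection = json.loads(document)
    if not isinstance(collection, dict):
        raise ValueError("CMW collection must be a JSON object")
    parts = {}
    for name, record in collection.items():
        if name == COLLECTION_TYPE_KEY:
            continue
        well_formed = (
            isinstance(record, list)
            and 2 <= len(record) <= 3  # optional third element is an indicator
            and isinstance(record[0], str)
            and isinstance(record[1], str)
        )
        if not well_formed:
            raise ValueError(f"malformed CMW record {name!r}")
        parts[name] = (record[0], b64url_decode(record[1]))
    return parts


# Constructed sample evidence: placeholder bytes, not real TPM output.
SAMPLE_PARTS = {
    "tpms_attest": ("application/vnd.example.tpms-attest", b"\xff\x54\x43\x47placeholder-attest"),
    "tpmt_signature": ("application/vnd.example.tpmt-signature", b"\x00\x14placeholder-sig"),
    "pcrs": ("application/json", json.dumps({"sha256": {"10": "00" * 32}}).encode()),
    "ima_log": ("application/vnd.example.cel+json", b'[{"recnum":0,"pcr":10}]'),
    "agent_meta": ("application/json", json.dumps({"boottime": 1700000000}).encode()),
}


def roundtrip_ok() -> bool:
    """Wrap the sample parts and check the verifier recovers exactly what was sent."""
    document = wrap_evidence("tag:example.com,2025:keylime-evidence", SAMPLE_PARTS)
    return unwrap_evidence(document) == SAMPLE_PARTS


if __name__ == "__main__":
    print(wrap_evidence("tag:example.com,2025:keylime-evidence", SAMPLE_PARTS))
    print("round trip ok:", roundtrip_ok())
```

The point of the structure check in `unwrap_evidence` is the one the text makes: a Relying Party validates the wrapper generically and dispatches on the media type, so adding a new evidence kind means adding a media type, not changing the parsing logic.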

Standardizing Appraisal Results: EAT Attestation Results (EAR)

Beyond standardizing evidence, it is equally important to standardize the results of attestation. This is where the EAT Attestation Results (EAR) comes into play. EAR provides a flexible and extensible data model for conveying attestation results, allowing a verifier to summarize the trustworthiness of an Attester concisely and verifiably.

My contribution to EAT standardization focused on two main fronts:

  1. Developing a Python Library (python-ear): I developed a Python library (python-ear) that implements the EAT Attestation Results (EAR) data format, as specified in draft-fv-rats-ear. This library provides essential functionalities:
     • Claim Population: Defining and populating various EAR claims (e.g., instance_identity, hardware, executables, configuration) that represent appraisal outcomes.
     • Serialization/Deserialization: Encoding EAR claims as JSON Web Tokens (JWT) or CBOR Web Tokens (CWT) and decoding them.
     • Signing and Verification: Supporting cryptographic signing of EAR claims with private keys and verification with public keys to ensure data integrity and authenticity.
     • Validation: Implementing validation logic to ensure EAR objects adhere to the specified schema.
  2. Keylime EAT Plugin: This work extends Keylime's durable attestation framework by integrating EAT-based appraisal logic. The goal is to transform raw attestation evidence and policy data into structured AR4SI TrustVector claims, thereby enhancing the auditability and semantic richness of attestation outcomes. This critical step involved:
     • Evidence Validation: Leveraging Keylime's existing functions to perform comprehensive validation of TPM quotes, IMA measurements, and measured boot logs.
     • Failure Mapping: Precisely mapping the various Failure events generated during Keylime's internal validation processes to specific TrustClaim values within the EAT TrustVector. For instance, a quote validation failure indicating an invalid public key would map to an UNRECOGNIZED_INSTANCE claim.
     • State Management: A significant challenge was ensuring that the EAT appraisal logic could utilize Keylime's validation functions without inadvertently altering the agent's internal state, which could interfere with Keylime's continuous attestation workflow. This necessitated careful refactoring and the introduction of flags to prevent state changes.
     • Submodule Status: Defining how the overall status of the EAT submodule (e.g., "affirming," "warning," "contraindicated") is derived from the aggregated TrustClaim values.

The implementation of EAT is vital for realizing the full potential of remote attestation. It provides a common language for trustworthiness, allowing Relying Parties to make automated, policy-driven decisions based on a consistent, verifiable attestation result, irrespective of the underlying hardware or software components being attested.
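The failure-mapping and submodule-status steps above can be shown end to end in a few dozen lines. The following is an added example, not code from python-ear or from the Keylime EAT plugin. It assumes the AR4SI trust-claim tiers as the author understands them (2..31 affirming, 32..95 warning, 96..127 contraindicated, 0 = no claim, 1 = unexpected evidence, -1 = verifier malfunction, negative values mirroring the positive tiers) and the named claim values from that draft (UNRECOGNIZED_INSTANCE = 97 and so on); the Keylime-style failure event names are constructed for the example, the rule that the submodule status is the worst tier in the vector is an assumption, and the `ear.*` JSON key names are the author's recollection of the EAR draft rather than taken from this page.

```python
"""Derive an EAR-style trustworthiness vector and submodule status from verifier failures.

Added example, not python-ear or Keylime code. Trust-claim tiers and the
named claim values follow the AR4SI draft as the author understands it;
failure-event names are constructed; "status = worst tier in the vector"
and the ear.* key names are assumptions to check against the EAR draft.
"""

# AR4SI trust-claim values used in this example (int8 in the draft).
NO_CLAIM = 0
TRUSTWORTHY_INSTANCE = 2
UNTRUSTWORTHY_INSTANCE = 96
UNRECOGNIZED_INSTANCE = 97
APPROVED_RUNTIME = 2
UNRECOGNIZED_RUNTIME = 33
CONTRAINDICATED_RUNTIME = 96
APPROVED_CONFIG = 2
UNSAFE_CONFIG = 32
GENUINE_HARDWARE = 2
UNSAFE_HARDWARE = 32

# Tiers from best to worst; position in this list is the ordering used below.
TIER_ORDER = ["none", "affirming", "warning", "contraindicated"]


def tier(claim: int) -> str:
    """Map a trust-claim value to its AR4SI tier (negative values assumed to mirror)."""
    if not -128 <= claim <= 127:
        raise ValueError("trust claim must fit in int8")
    magnitude = abs(claim)
    if magnitude <= 1:            # 0 no claim, 1 unexpected evidence, -1 malfunction
        return "none"
    if magnitude <= 31:
        return "affirming"
    if magnitude <= 95:
        return "warning"
    return "contraindicated"


# Constructed Keylime-style failure events -> (vector component, claim value).
FAILURE_MAP = {
    "quote_validation.invalid_public_key": ("instance-identity", UNRECOGNIZED_INSTANCE),
    "quote_validation.bad_signature": ("instance-identity", UNTRUSTWORTHY_INSTANCE),
    "ima.measurement_not_in_allowlist": ("executables", UNRECOGNIZED_RUNTIME),
    "ima.log_tampered": ("executables", CONTRAINDICATED_RUNTIME),
    "measured_boot.policy_mismatch": ("configuration", UNSAFE_CONFIG),
    "tpm.firmware_version_unknown": ("hardware", UNSAFE_HARDWARE),
}

# Claim each component reports when no failure touched it (assumed happy path).
HAPPY_PATH = {
    "instance-identity": TRUSTWORTHY_INSTANCE,
    "executables": APPROVED_RUNTIME,
    "configuration": APPROVED_CONFIG,
    "hardware": GENUINE_HARDWARE,
}


def appraise(failures) -> dict:
    """Build the trust vector: worst tier per component, happy-path claim if untouched.

    An unmapped failure event raises rather than being dropped, so a new
    verifier failure can never silently produce an affirming result.
    """
    vector = dict(HAPPY_PATH)
    for event in failures:
        if event not in FAILURE_MAP:
            raise ValueError(f"unmapped failure event: {event}")
        component, claim = FAILURE_MAP[event]
        if TIER_ORDER.index(tier(claim)) > TIER_ORDER.index(tier(vector[component])):
            vector[component] = claim
    return vector


def overall_status(vector: dict) -> str:
    """Submodule status = worst tier present in the vector (assumed derivation rule)."""
    return max((tier(claim) for claim in vector.values()), key=TIER_ORDER.index)


def ear_submodule(failures) -> dict:
    """Shape the appraisal as one EAR submodule (key names assumed from the EAR draft)."""
    vector = appraise(failures)
    return {
        "ear.status": overall_status(vector),
        "ear.trustworthiness-vector": vector,
    }


if __name__ == "__main__":
    print(ear_submodule([]))
    print(ear_submodule(["quote_validation.invalid_public_key"]))
    print(ear_submodule(["ima.measurement_not_in_allowlist", "tpm.firmware_version_unknown"]))
```

Note the per-component rule in `appraise`: when several failures hit the same component, the worst tier wins, so an allowlist miss (warning) followed by a tampered log (contraindicated) reports the tampered log, and the submodule status follows the worst component. That is what lets a Relying Party act on `ear.status` alone while keeping the per-component detail for audit.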

Conclusion and Future Outlook

This LFX Mentorship has been an invaluable journey, providing a unique opportunity to contribute to the evolving landscape of confidential computing. By focusing on RATS architecture mapping, implementing the Conceptual Messages Wrapper for evidence, and integrating Entity Attestation Tokens for appraisal results, we have made tangible steps towards enhancing interoperability, standardization, and the overall security posture of open-source remote attestation solutions.

The work on CMW and EAT is critical for fostering a more robust and scalable trusted and confidential computing ecosystem. It enables easier integration of diverse attestation technologies and provides a unified, machine-readable format for conveying trustworthiness. My gratitude goes to my mentors, Thore Sommer and Thomas Fossati, for their guidance, insights, and continuous support throughout this program.

While significant progress has been made, the journey towards a fully harmonized remote attestation ecosystem continues. Future efforts will involve full upstreaming of these changes into the respective projects and exploring broader adoption across the confidential computing landscape, further solidifying the foundations of trust in a dynamic digital world.


Welcoming Tinfoil to the Confidential Computing Consortium


We’re thrilled to welcome Tinfoil as the newest start-up member of the Confidential Computing Consortium (CCC)!

Tinfoil is an open source platform delivering cryptographically verifiable privacy for AI workloads. Their mission is to make it safe to process sensitive data through powerful AI models—without compromising user privacy. By leveraging confidential computing technologies, including NVIDIA’s confidential computing-enabled GPUs, Tinfoil ensures that no one—not even Tinfoil or the cloud provider—can access private user data. The platform also safeguards AI model weights from unauthorized access and supports end-to-end supply chain security guarantees.

“We’re excited to collaborate with the community to make hardware-backed AI privacy the standard.” — Tanya Verma, CEO of Tinfoil

As a company deeply invested in confidential computing, Tinfoil is joining CCC to both learn from and contribute to the broader ecosystem. Their team is especially interested in collaborating with others working at the intersection of secure hardware and AI, and in helping shape future standards for confidential AI. Currently, they’re using Ubuntu Confidential VMs from Canonical and NVIDIA’s verification tools, with plans to contribute to these open source projects over time.

We’re excited to have Tinfoil join the CCC community and look forward to the insights and innovation they’ll bring as we work together to advance the future of trusted, verifiable computing.

Welcome Mainsail Industries as a New Confidential Computing Consortium Start-up Member!


We’re thrilled to welcome Mainsail Industries as the newest start-up member of the Confidential Computing Consortium (CCC)! As pioneers in secure edge virtualization, Mainsail is joining a global community of leaders who are shaping the future of confidential computing—together.

About Mainsail Industries

Mainsail Industries is on a mission to deliver the world’s most secure edge virtualization platform and common computing environment—safeguarding critical infrastructure and the defense industrial base, while enabling organizations to modernize and achieve mission success.

At the heart of their innovation is Metalvisor, a secure, cloud-native virtualization platform purpose-built for the modern edge. Designed with simplicity, scalability, and security in mind, Metalvisor helps organizations extend the life of their most critical assets and meet the evolving demands of today’s mission-critical workloads.

What is Metalvisor?

Metalvisor is redefining what secure virtualization can look like. Unlike traditional hypervisors, Metalvisor is designed for modern workloads—Virtual Machines (VMs), MicroVMs, and Containers—while eliminating the operational complexity that often comes with secure infrastructure. It leverages cutting-edge technologies to streamline cluster management, support cloud-native patterns, and ensure security through Trusted Execution Environments (TEEs) and Trusted Workload Identity (TWI).

Metalvisor in Action:

  • Secure Edge Computing: Metalvisor brings cloud-native capabilities to the edge, optimizing size, weight, power, and cost (SWaP-C) for environments where security and performance are paramount.
  • Secure Containers: Simplifies virtualization for container-based workloads, blending the agility of containers with the protection of next-generation hypervisors.
  • Secure AI: Protects sensitive AI/ML workloads through TEEs and TWI, ensuring both data and model integrity via hardware-rooted trust.

Why Mainsail Joined the CCC

“Joining the Confidential Computing Consortium is an exciting milestone for Mainsail. As CTO, I’m inspired by the level of thought leadership and collaboration happening within the CCC. It’s rare to find a space where so many different organizations come together to shape the future of secure computing, and I believe this collective effort will have a lasting, global impact.”
— Brad Sollar, CTO & Co-Founder

Mainsail sees the CCC as both a community of peers and a catalyst for impact. With deep experience in trusted workloads, confidential virtualization, and workload identity, the team is eager to share insights from building Metalvisor—and to learn from other contributors tackling similar challenges.

Mainsail is especially excited to contribute to the development of standards and best practices around Trusted Workload Identity—a key capability in delivering secure, scalable computing environments.

Contributing to the Ecosystem

Mainsail is actively contributing to the Trusted Workload Identity (TWI) Special Interest Group, collaborating with 21 other contributors to advance the trustworthiness and interoperability of workload identity solutions across platforms.

“Collaborating with 21 other contributors in the Trusted Workload Identity (TWI) SIG reaffirmed Metalvisor’s leadership in confidential computing. We’re proud to be shaping the future of this next-generation technology, bridging the gap between trusted execution environments and trusted workloads—a capability Metalvisor has delivered since day one.”
— Eric Wolfe, Chief Engineer

Please join us in giving a warm welcome to the team at Mainsail Industries! We look forward to the expertise and innovation they’ll bring to the Confidential Computing Consortium.

Welcome to the 2025 June Newsletter


In today’s issue, learn about:

  1. From the Executive Director
  2. Outreach
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Welcome to our latest newsletter! The June 2025 CCC newsletter spotlights recent events the CCC community has participated in, as well as technical updates on Coconut SVSM and Glossary. Read all the details below!

From the Executive Director (ED)

The second half of June has been a very busy time for Confidential Computing, with three events nearly back-to-back. The first was the Confidential Computing Summit in San Francisco, organized by CCC member Opaque, sponsored by the CCC and attended by many members. I gave a keynote on Aligning Confidential Computing with Use Cases, and there were keynotes and sessions from many very illustrious members of our community. Nelly Porter (Chair of the Governing Board), Dan Middleton (Chair of the Technical Advisory Committee) and I also ran a panel on the CCC, what we’re for and the benefits of engagement. Videos of sessions at the event should be available shortly, and are certainly worth watching to catch up.

The week after, in Denver, the Linux Foundation’s Open Source Summit North America also contained a number of sessions around Confidential Computing, and was followed the day after by a mini-Summit on Confidential Computing, run by the CCC.

These events can only take place with the involvement of our members, and I’d like to thank the individuals and organizations who devote time and resources to making them work. We have more events coming up: for more information, join one of the Outreach Committee’s meetings (or watch them on YouTube!).

Outreach

Confidential Computing Summit Retro

The 2025 Confidential Computing Summit featured an impressive lineup of 93 sessions across two days, bringing together senior leaders from Microsoft, NVIDIA, Meta, Intel, IBM, Google, and renowned academics from Stanford and Berkeley. The agenda included a mix of technical deep dives, thought leadership panels, and hands-on workshops led by teams from LangChain, CrewAI, and Galileo, offering valuable opportunities to explore topics such as agentic AI and secure deployment frameworks.

The Confidential Computing Consortium booth served as a central hub for member companies to showcase their latest projects and engage with attendees on the evolving mission of confidential computing.

A key highlight was the Confidential Computing Consortium session, where leaders such as Mike Bursell, Dan Middleton, and Nelly Porter from the Linux Foundation, Outreach Committee, Technical Advisory Council, and Governing Board came together for a panel discussion. The session offered attendees a unique look into the consortium’s collaborative efforts, major milestones, and cross-industry priorities. It provided a clear roadmap for how the consortium is driving innovation through community engagement, ecosystem alignment, and open development, and how individuals and organizations can get involved.

Confidential Computing Mini Summit Retro

The Confidential Computing Mini Summit at OSS NA 2025 took place on Thursday, June 26, from 1:30 to 5:00 PM in Colorado. The half-day summit brought together experts and practitioners to explore the latest advancements in confidential computing across infrastructure, AI, and distributed systems.

The summit featured a series of in-depth technical talks. Laura Martinez opened the program with "Scaling Trust for Autonomous Intelligence with NVIDIA", highlighting how NVIDIA is enabling secure, scalable AI through confidential computing. Donghang Lu followed with "Trustless Attestation Verification in Distributed Confidential Computing", where he introduced innovative methods for establishing trust in decentralized environments without relying on traditional trust anchors. Finally, Julian Stephen presented "Confidential Computing for Scaling Inference Workloads", outlining techniques to secure and optimize AI inference using confidential computing technologies. The event concluded with a wrap-up session led by Mike Bursell, who summarized key takeaways and encouraged continued collaboration across the ecosystem.

Session recordings will be available soon. Please stay tuned to the Confidential Computing Consortium channel on YouTube.

Upcoming Events

From the TAC

This month we had a great update from Coconut SVSM. The project has matured tremendously and has added a governance structure that will help ensure an architecture in balance with the different TEE providers in the community. 

We also revisited the Glossary project that was initiated last year. After some initial work the Glossary was left untended. For now we’ve decided that we should invest more in it rather than shut it down. The project is useful to other organizations outside of the CCC to have plain language, informal explanations of our terminology. This is a great place to contribute if you are looking to get involved.

Recent News

  • Reporting on the Endorsement API Workshop at Linaro Connect 2025: Last month saw the annual gathering of engineers and experts from across the Arm ecosystem for the Linaro Connect 2025 conference, which this year took place in Lisbon. As promised, confidential computing was an important theme at this year’s conference. Read more in our recap blog.

Best regards,

The Confidential Computing Consortium


Welcome to the 2025 May Newsletter


In Today’s Issue

  1. From the Executive Director
  2. Outreach: RSAC Retro
  3. Upcoming Events
  4. From the TAC
  5. Recent News

Welcome to our latest newsletter! The May 2025 CCC newsletter spotlights growing momentum in Confidential Computing through key updates from RSA Conference, outreach activities, and technical advancements such as the SPDM Tools project. It also highlights upcoming events, recent cloud announcements from Intel and Azure, and calls on members to share their stories for broader amplification.

From the Executive Director (ED)

Conference season is fully underway, with the CCC getting involved in various ways in RSA Conference NA (see last month’s newsletter), Linaro Connect in Lisbon earlier in May, and the Confidential Computing Summit and Open Source Summit in June.  Our mission is always to spread the news about Confidential Computing, its use cases and how open source is a great fit – but there’s another aim, as well, which is to encourage our members to tell their stories and show their value to the ecosystem.  

If you’re a member of the CCC and are speaking at a conference, promoting a blog post, posting a set of videos or just making a noise about Confidential Computing, we want to hear about it!  The CCC’s social media reach is already wide and currently expanding (attend our Outreach calls to learn more) and the Consortium isn’t about and for itself – it’s about our members.  So tell us what you’re up to, and we’ll work with you to amplify what you’re up to and show that Confidential Computing isn’t just a niche solution, but a well-proven technology already implemented by industry players large and small across the globe.

Outreach

RSAC – Retro

This year's RSAC Conference drew nearly 44,000 attendees, 730 speakers, 650 exhibitors and 400 members of the media. Overall, the RSAC booth themes centered on AI, reflecting the industry's increasing focus on artificial intelligence-driven security solutions and innovations.

There was increased awareness of Confidential Computing compared to previous years. The Confidential Computing Consortium booth received many questions about how to get started with confidential computing, showing growing interest in this technology.

The Confidential Computing Consortium hosted an expanded presence at this year’s RSA Conference, featuring a booth twice the size of previous years. The enhanced setup provided a great platform to spotlight a wider array of member-led projects and innovations in Confidential Computing. A record number of CCC members participated by showcasing their technologies, sharing use cases, and engaging with the broader security community, including Anjuna, Fortanix, Hushmesh, IBM, Intel, Invary, Linux Foundation, NVIDIA, and TikTok (in alphabetical order). The strong turnout and collaboration indicated the growing momentum behind Confidential Computing technologies. 

The CCC saw encouraging engagement at RSAC this year, with 193 audience members expressing interest in the Consortium and its mission. This interest translated into digital engagement as well, with 55 unique visitors accessing the CCC landing page during the conference. These metrics reflect growing awareness and curiosity around Confidential Computing and the innovative work being led by CCC members across industries.


Upcoming Events

From the TAC

This month we highlight the SPDM Tools project. When we want to accelerate AI workloads it's beneficial to bring a GPU into the security boundary. For that to work securely we have to build a secure channel between the CPU and the GPU. That is the job of Security Protocol and Data Model (SPDM), a DMTF standard. Our CCC project has enabled Intel, NVIDIA, Rivos and other companies to work on a joint implementation of this standard.

In fact, not just this standard but more. One of the "aha" moments during Jiewen Yao's project update this month came from CCC community members who weren't aware that SPDM Tools also includes implementations of two related protocols, TDISP and IDE. In the near future, the industry will move towards "TEE-IO", which uses the SPDM, TDISP, and IDE standards together to shuttle data between the CPU and GPU at speeds near direct memory access (DMA) rates. We had a brief discussion about renaming the project "TEE-IO Tools" to better reflect that wider scope. The maintainers, however, pointed out that SPDM can be used on its own to great value in attesting devices independent of TEE-IO. While TEE-IO might be the long-term focus for many of us in Confidential Computing, SPDM Tools will still enable use cases in the nearer term and long term that don't involve the other protocols.

Finally, if you want to understand what these protocols do and how they work (and you don’t want to read the open source code 🙂 ) you can watch the 2023-06-20 presentation at the Attestation SIG from governing board representative and SPDM Tools maintainer, Samuel Ortiz.

Recent News

  • Intel® TDX is available on IBM Cloud Virtual Servers for VPC.
  • Preview for the next generation of Azure Intel® TDX Confidential VMs:
    • We are excited to announce the preview of Azure’s next generation of Confidential Virtual Machines powered by the 5th Gen Intel® Xeon® processors (code-named Emerald Rapids) with Intel® Trust Domain Extensions (Intel® TDX). This will help enable organizations to bring confidential workloads to the cloud without code changes to applications. The supported SKUs include the general-purpose DCesv6-series and the memory-optimized ECesv6-series.
    • Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, attestable, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing.
    • Please sign up here.
  • Applied Blockchain Turns 10: An Evening of Insight & Innovation – Live Event


EQTY Lab Joins the Confidential Computing Consortium to Reinvent Trust in AI


EQTY Lab, a pioneering startup dedicated to securing the future of artificial intelligence, is joining the Confidential Computing Consortium (CCC) as a Startup Member. Known for its innovative work in cryptographic AI governance, EQTY Lab has developed technologies that bring integrity, transparency, and accountability to high-stakes AI deployments across sectors like the public sector, life sciences, and media.

The CCC is excited to welcome EQTY Lab into its growing community of leaders advancing confidential computing. By joining the consortium, EQTY Lab deepens its commitment to building systems that protect sensitive data and enable trust throughout the AI lifecycle. Their flagship solution, the AI Integrity Suite, uses confidential computing and verifiable compute to provide cryptographic proofs of AI operations, making agentic training and inference both secure and auditable.

“At EQTY Lab, we believe the future of AI depends on creating systems that can be trusted with sensitive data and mission-critical decisions,” said Jonathan Dotan, CEO of EQTY Lab. “Joining the Confidential Computing Consortium represents a significant step in our mission to build verifiable AI systems that operate with both privacy and accountability that can now begin on the processor itself.”

EQTY Lab’s recent launch of a Verifiable Compute solution marks a milestone in confidential AI. The platform uses hardware-based cryptographic notaries, leveraging CCC technologies like VirTEE on AMD SEV and exploring future adoption of COCONUT-SVSM. This ensures a tamper-proof record of every data object and code executed during AI workloads.

By participating in CCC, EQTY Lab aims to integrate deeper with open source projects and contribute to developing next-generation specifications for secure AI. Their work spans from implementing Intel’s TDX and Tiber solutions to contributing to Linux Foundation efforts like SPDX and SLSA, aligning secure enclave attestations with modern SBOM standards.

EQTY Lab joins a vibrant community of innovators within the CCC, committed to ensuring that confidential computing becomes the foundation of secure, trustworthy, and privacy-preserving technologies.


Key Takeaways from the Confidential Computing Consortium Mini Summit at OSS EU


The Confidential Computing Consortium (CCC) recently participated in the Open Source Summit Europe (OSS EU), hosting a dedicated Confidential Computing Mini Summit. 

The event gathered some of the brightest minds in the industry to discuss the evolving landscape of Confidential Computing, its capabilities, and its impact across various industries. 

All sessions from the summit are now available on the CCC YouTube channel for anyone who missed the event or wants to revisit the discussions.

Mini Summit Recap

The Mini Summit featured an impressive lineup of speakers and thought leaders, offering insights into the latest trends and innovations in Confidential Computing. Here’s a recap of the key sessions:

Opening Keynote: Confidential Computing, Enabling New Workloads and Use Cases

Mike Bursell, Executive Director of the CCC, opened the summit with a deep dive into Confidential Computing, showcasing how hardware-based Trusted Execution Environments (TEEs) now support new workloads. He highlighted its role in securing data with hardware-backed security and attestation, while exploring emerging applications in Generative AI, Web3, and multi-party computation.

Mike emphasized the transformative power of Confidential Computing, enabling secure workloads through the fusion of hardware security and cryptographic assurances. As Confidential Computing grows, remote attestation is becoming crucial, ensuring confidentiality and integrity in sensitive workloads across diverse environments.

Presentation here

Mini Summit Sessions

Cocos AI – Confidential Computing

  • Drasko Draskovic (CEO, Abstract Machines) and Dusan Borovcanin (Ultraviolet) showed, with a demo, how Cocos AI uses Confidential Computing to build more secure AI environments.

Presentation here

TikTok’s Privacy Innovation: A Secure and Private Platform for Transparent Research Access with Privacy-Enhancing Technologies

  • Mingshen Sun (Research Scientist, TikTok) presented TikTok’s approach to privacy-enhancing technologies, showcasing a secure and private platform designed for transparent research access.  The TikTok project is currently going through the process of being accepted as an open source project under the CCC.

Panel Session:  Attestation and Its Role in Confidential Computing

  • This panel, moderated by Mike Bursell, included expert perspectives from Paul Howard (Principal System Solutions Architect, Arm), Yuxuan Song (Ph.D. student, Inria Paris and Sorbonne University), Ian Oliver (Cybersecurity Consultant), and Hannes Tschofenig (Professor, University of Applied Sciences Bonn-Rhein-Sieg). They explored how remote attestation serves as a key enabler for confidentiality and integrity, driving business value by assuring the trustworthiness of computing environments. A wide-ranging – and at times quite lively! – discussion covered topics from IoT use cases to issues of transparency, and from attestation models to approaches to integration.

Supporting Confidential Computing Across Europe’s Cloud-Edge Continuum

  • Francisco Picolini (Open Source Community Manager, OpenNebula Systems) highlighted efforts to extend Confidential Computing capabilities within a new European project spanning the cloud and edge computing spaces.

Presentation here

Hiding Attestation with Linux Keyring in Confidential Virtual Machines

  • Mikko Ylinen (Cloud Software Architect, Intel) presented an innovative approach to using Linux Keyring to enhance security in confidential virtual machines, offering new techniques for securing workloads.

Presentation here

Looking Ahead

The Confidential Computing Mini Summit at OSS EU provided attendees with a comprehensive view of Confidential Computing’s present and future potential. Discussions around Gen AI, Web3, and multi-party computation showed how Confidential Computing is set to play a pivotal role in shaping the future of technology by enabling more secure, trusted, and scalable computing environments.

Join the conversation with the CCC and its ecosystem of members for more on how Confidential Computing is transforming industries and unlocking new capabilities. The future of secure computation is just beginning, and there’s much more to discover.


End-User Devices for Confidential Computing: Exploring Islet


Author:  Sal Kimmich

As technology evolves, the need for secure and confidential computing extends beyond servers and data centers to end-user devices such as smartphones, tablets, and personal computers. These devices are increasingly used to collect and process sensitive data, necessitating robust security measures to protect user privacy. One notable project within the Confidential Computing Consortium that addresses this need is Islet.

What is Confidential Computing?

Confidential computing is a security paradigm that aims to protect data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). The TEE isolates the workload's memory and registers from the host OS, the hypervisor and other tenants (in most implementations the memory is encrypted as well), so sensitive data and code are protected even while being processed, mitigating the risk of unauthorized access and tampering.

The Importance of Trusted Firmware

Trusted Firmware is the cornerstone of Confidential Computing, providing the essential security features and isolation needed to establish a trusted execution environment. Unlike regular firmware, Trusted Firmware includes mechanisms for secure boot, cryptographic verification, and hardware-based isolation of secure and non-secure execution environments. To understand more on this topic, view our blog on Trusted Firmware. 

Islet: A Platform for On-Device Confidential Computing

Islet is an open-source project designed to enable Confidential Computing on ARM architecture devices using the ARMv9 Confidential Compute Architecture (CCA). Its primary objective is to provide a secure platform for on-device Confidential Computing, thereby protecting user privacy and enabling secure processing of sensitive data directly on end-user devices. Islet is implemented in the Rust programming language, and utilizes Rust’s inherent memory safety features to create a robust and secure environment.

Key Features of Islet

  1. Realm Management Monitor (RMM):
    • Operates at EL2 in the Realm world on the application processor cores.
    • Manages confidential virtual machines (VMs), known as realms, ensuring their secure execution.
    • Islet RMM complies with ARM’s specifications for the platform ABIs, which lets Islet integrate with the ARM ecosystem, including the Linux and KVM patches for ARM CCA.
  2. Hardware Enforced Security (HES):
    • Performs device boot measurement and generates platform attestation reports.
    • Manages sealing key functionality within a secure hardware IP separate from the main application processor.
  3. Automated Verification:
    • Incorporates formal verification techniques to enhance the security of Islet, ensuring robustness against various attack vectors.

Use Case: Confidential Machine Learning

Islet showcases its capabilities through a confidential machine learning demo. In this scenario, a mobile device user interacts with a chat-bot application that runs on Islet. The chat-bot processes the request and communicates with an ML server through a secure channel, demonstrating end-to-end confidential computing. This use case highlights Islet’s potential in enabling secure and private machine-to-machine computing without relying on server-side intervention.

Why End-User Devices Need Confidential Computing

While traditional confidential computing solutions focus on server-side protection, securing end-user devices is equally important for several reasons:

  1. Initial Data Collection:
    • Sensitive data collection often begins at the user device level, making it crucial to protect this data from the outset.
  2. Privacy Apps:
    • As users increasingly rely on privacy-focused applications such as secure messengers, password managers, and private browsers, ensuring the confidentiality of data on these devices becomes essential.
  3. End-to-End Security:
    • By enabling confidential computing on user devices, Islet helps establish end-to-end security throughout the entire data processing path, from collection to computation.
  4. Machine-to-Machine Computing:
    • On-device confidential computing facilitates secure machine-to-machine communication, reducing the need for server intervention and enhancing overall security.

Conclusion

Confidential computing is not just for servers and data centers; it is equally critical for end-user devices. Projects like Islet within the Confidential Computing Consortium exemplify the application of Trusted Firmware principles to secure user devices. By providing a robust platform for on-device confidential computing, Islet ensures the privacy and security of sensitive data, paving the way for more secure and private user experiences.

For more information on Islet and its capabilities, visit the Islet GitHub repository.

Understanding Trusted Firmware in Confidential Computing: Coconut SVSM and VirTEE 


Author:  Sal Kimmich

Trusted Firmware serves as the foundational layer in confidential computing, ensuring that the hardware and software environment’s security and integrity are maintained. Unlike regular firmware, Trusted Firmware is designed with additional security features and responsibilities to establish a Trusted Execution Environment (TEE). Here’s a deeper dive into what makes Trusted Firmware different and its role in confidential computing.


Differences Between Trusted Firmware and Regular Firmware

  1. Enhanced Security Features:
    • Regular Firmware: Primarily focuses on initializing hardware components and providing basic services to the operating system.
    • Trusted Firmware: Includes enhanced security features such as cryptographic verification of firmware components, secure boot, and mechanisms to enforce hardware-based isolation of secure and non-secure execution environments.
  2. Isolation and Trust:
    • Regular Firmware: Does not inherently provide mechanisms to isolate critical operations or sensitive data from the rest of the system.
    • Trusted Firmware: Establishes a TEE, isolating sensitive operations from the general-purpose operating system and protecting them from potential threats and unauthorized access.
  3. Responsibility and Scope:
    • Regular Firmware: Manages standard hardware initialization and operational tasks.
    • Trusted Firmware: Manages secure initialization of hardware features, authenticates and validates software components, and provides a secure execution environment for critical tasks.

Why Trusted Firmware is Necessary

Trusted Firmware is crucial for confidential computing because it provides a secure foundation that prevents unauthorized access and tampering. Here’s why Trusted Firmware is needed and how it differs from the regular OS and firmware:

Need for Trusted OS:

  • Purpose: To prevent resources from being accessed directly by the general-purpose OS running alongside it, for example stopping a user with root privileges in that OS from reaching sensitive keys or data.
  • Security: The Trusted OS operates with higher privileges and tighter security controls, ensuring that critical operations and data are protected even if the general OS is compromised.

Differences from Normal OS:

  • Size and Scope: The Trusted OS is designed to be small and secure, and runs at a higher privilege, or in a more trusted partition, than the general OS. On an ARMv8-A system with TrustZone, for instance, the Secure Monitor (part of the trusted firmware) runs at EL3, the highest privilege level, and the Trusted OS itself at Secure EL1, while in the Normal world a hypervisor runs at EL2 and Linux at EL1.
  • Purpose: The Trusted OS is not meant to replace the general OS like Linux, which is extensive and feature-rich. Instead, it secures specific resources and operations from the general OS.

Security Provided by Trusted OS:

  • Threat Protection: It protects the resources it manages from the general OS, whether the access attempt comes from malware that has compromised that OS or from a legitimately privileged user such as root; neither can reach those resources except through the Trusted OS’s own interfaces.
  • Mechanism: Switching between the general OS and the Trusted OS goes through the SMC (Secure Monitor Call) instruction, which traps to the Secure Monitor at EL3; the monitor saves the caller’s state, switches worlds, and dispatches the request to the Trusted OS.

Switching Between Trusted OS and Normal World:

  • Context Switching: Occurs when code running in the general OS needs to access a resource managed by the Trusted OS, such as decrypting content using a key only accessible by the Trusted OS.
  • Interrupt Handling: Interrupts assigned to the secure world (on ARM TrustZone typically signalled as FIQ and routed to EL3) also trigger a switch, so the corresponding device can be serviced within the TEE context.
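Putting the pieces above together (verified boot enforced by trusted firmware, a measurement register extended with each stage, and a report signed from an isolated hardware root such as Islet’s HES described earlier), here is an added example in Go. It is not code from Islet, COCONUT-SVSM or any Trusted Firmware project; the image format, the register-extension rule, the report encoding, the sample images and the vendor and HES keys are all assumptions made for the example. It separates the two questions a relying party has to answer: was every stage signed by the vendor (secure boot, enforced on the device before the stage runs), and is this the exact firmware set I expect (measured boot, decided by the verifier against a golden value it computes from published digests)?

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Model of a verified boot chain with measured boot on top (added example, not
// code from Islet, COCONUT-SVSM or any Trusted Firmware project). Each stage
// checks the next image's signature before running it and extends a
// measurement register with the image digest; a separate hardware-held key
// then signs the register as the attestation report. Image format, register
// layout and report encoding are assumptions; RNG-only errors are ignored.

func hash(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}

type Image struct {
	Name, Version string
	Code          []byte // stands in for the executable (constructed)
	Sig           []byte // vendor ECDSA signature over Digest()
}

func (im Image) Digest() []byte { return hash([]byte(im.Name), []byte(im.Version), im.Code) }

func Sign(vendor *ecdsa.PrivateKey, name, version string, code []byte) Image {
	im := Image{Name: name, Version: version, Code: code}
	im.Sig, _ = ecdsa.SignASN1(rand.Reader, vendor, im.Digest())
	return im
}

// Boot is the secure-boot half: verify each stage with the vendor key baked
// into the previous one before running it, then extend R = H(R || digest).
// It halts at the first failure, so modified code never executes.
func Boot(vendorPub *ecdsa.PublicKey, chain []Image) ([]byte, error) {
	register := make([]byte, sha256.Size) // power-on reset value
	for _, im := range chain {
		if !ecdsa.VerifyASN1(vendorPub, im.Digest(), im.Sig) {
			return nil, fmt.Errorf("%s %s: bad signature, halting boot", im.Name, im.Version)
		}
		register = hash(register, im.Digest())
	}
	return register, nil
}

// Golden recomputes the expected register from published digests alone, so
// the verifier never needs the images themselves.
func Golden(digests ...[]byte) []byte {
	register := make([]byte, sha256.Size)
	for _, d := range digests {
		register = hash(register, d)
	}
	return register
}

// Report is the measured-boot half: register plus verifier nonce, signed by a
// key only the isolated hardware root (Islet's HES, say) can use.
type Report struct{ Register, Nonce, Sig []byte }

func MakeReport(hes *ecdsa.PrivateKey, register, nonce []byte) Report {
	sig, _ := ecdsa.SignASN1(rand.Reader, hes, hash(register, nonce))
	return Report{register, nonce, sig}
}

// Verify is the relying party: the signature ties the register to the device,
// the nonce to this session, and the golden value pins the acceptable
// firmware set. A correctly signed but older image boots fine and fails here.
func Verify(hesPub *ecdsa.PublicKey, r Report, nonce, golden []byte) error {
	if !bytes.Equal(r.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if !ecdsa.VerifyASN1(hesPub, hash(r.Register, r.Nonce), r.Sig) {
		return errors.New("report signature invalid")
	}
	if !bytes.Equal(r.Register, golden) {
		return errors.New("register does not match the expected firmware set")
	}
	return nil
}

// Scenario boots a constructed two-stage chain and checks its report against
// the golden value for kernel "6.1". tamper alters the kernel after signing.
func Scenario(kernelVersion string, tamper bool) (bootErr, verifyErr error) {
	vendor, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	hes, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bl := Sign(vendor, "bootloader", "3", []byte("bl-code"))
	kern := Sign(vendor, "kernel", kernelVersion, []byte("kernel-code"))
	if tamper {
		kern.Code = append(kern.Code, "+implant"...)
	}
	register, err := Boot(&vendor.PublicKey, []Image{bl, kern})
	if err != nil {
		return err, nil
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	expected := Image{Name: "kernel", Version: "6.1", Code: []byte("kernel-code")}
	golden := Golden(bl.Digest(), expected.Digest())
	return nil, Verify(&hes.PublicKey, MakeReport(hes, register, nonce), nonce, golden)
}

func main() {
	fmt.Println(Scenario("6.1", false)) // <nil> <nil>
	fmt.Println(Scenario("6.1", true))  // kernel 6.1: bad signature, halting boot <nil>
	fmt.Println(Scenario("6.0", false)) // <nil> register does not match the expected firmware set
}
```

The third case is the one worth noticing: an older kernel that is still validly signed boots without complaint, and only the golden-value comparison in Verify rejects it. Signatures alone do not pin a version; rollback protection has to come either from an anti-rollback counter enforced by the firmware or from the verifier’s policy, which is exactly the split between what the trusted firmware enforces locally and what remote attestation lets a relying party decide.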

Example Projects

COCONUT Secure VM Service Module (SVSM)

The COCONUT Secure VM Service Module (SVSM) exemplifies Trusted Firmware in confidential computing by providing secure services and device emulations for Confidential Virtual Machines (CVMs). Key features include:

  • Integration with AMD SEV-SNP: Uses AMD’s Secure Encrypted Virtualization with Secure Nested Paging, in particular the VM Privilege Level (VMPL) feature: the SVSM runs at VMPL0, the most privileged level inside the guest, while the guest OS runs at a lower VMPL, so the services and device emulations it provides are protected from the guest kernel they serve.
  • Secure Boot and Authentication: Ensures a secure boot process and component authentication, maintaining a trusted execution path from the firmware to the CVM.

VirTEE

VirTEE is another project that demonstrates the application of Trusted Firmware principles. It focuses on:

  • Open Community Development: Collaborative development of tools for TEE bring-up, attestation, and management, supporting a wide range of virtualization platforms.
  • Support for Multiple Technologies: Includes tools and libraries for AMD SEV, SEV-SNP, and Intel TDX, providing comprehensive support for secure virtualization across different hardware platforms.

Discover more about VirTEE via their project repository. 

Conclusion

Trusted Firmware is essential for establishing and maintaining secure and reliable confidential computing environments. It provides enhanced security features, isolation, and trust mechanisms that are not present in regular firmware. Projects like COCONUT-SVSM and VirTEE illustrate the practical application of Trusted Firmware principles, showcasing robust frameworks for secure virtualized environments and cross-platform confidential computing. These projects ensure the integrity and confidentiality of sensitive data and operations, advancing the field of secure computing.