Confidential Computing Platform-Specific Details
Red Hat News, Friday, June 16, 2023
Confidential Computing is a set of technologies designed to protect data in use (for example, it provides memory encryption).
This article is the fifth in a six-part series (see the previous article) about the various Confidential Computing usage models and the requirements for obtaining the expected security and trust benefits.
In this article, I survey the currently available Confidential Computing platforms and discuss how they differ in implementation, and specifically in how attestation is performed:
- AMD Secure Encrypted Virtualization (SEV) in its three generations (SEV, SEV-ES and SEV-SNP)
- Intel Trust Domain Extensions (TDX)
- IBM Z Secure Execution (SE)
- OpenPOWER Protected Execution Facility (PEF)
- ARM Confidential Compute Architecture (CCA)
At the moment, QEMU officially supports AMD SEV, OpenPOWER PEF and IBM Z Secure Execution, while Intel maintains branches for TDX.