A Primer on Confidential Computing

Confidential computing uses trusted hardware to encrypt data in memory.

What is Confidential Computing?

Encryption in transit (when data is moving across networks) and encryption at rest (when data is stored) are well known data protection mechanisms. However, data must usually be decrypted while processing in memory or "in-use". Confidential computing is a breakthrough technology that encrypts data in-use using a hardware-based Trusted Execution Environment (TEE), unlocking a wide variety of use cases.

Confidential computing is gaining importance in public clouds, as organizations look to migrate workloads from their data centers and have concerns about the Cloud Service Provider's access to their data. It is increasingly being used to guard against malicious insiders, and offer confidentiality guarantees to regulators of financial and healthcare data.

Getting Started


Intel Software Guard Extensions (SGX)

Intel SGX offers hardware-based memory encryption that isolates specific application code and data in memory. It allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.

AMD Secure Encrypted Virtualization (SEV)

AMD SEV takes advantage of new security components available in AMD EPYC processors, namely an AES-128 encryption engine and AMD Secure Processor, for data-in-use protection.

Google Cloud

Google Cloud encrypts data in use with Confidential VMs and Confidential GKE nodes using AMD SEV technology. It allows customers to encrypt data in use without making any code changes to their applications or having to compromise on performance.

Confidential VMs encrypt memory with a dedicated per-VM instance key that is generated and managed by the AMD EPYC processor. These keys are generated by the AMD Secure Processor during VM creation and reside solely within it, making them unavailable to Google or any VMs running on the host.

In May 2019, Google introduced Asylo, an open-source framework and SDK for developing enclave applications. Asylo lets you take advantage of a range of emerging trusted execution environments (TEEs), including both software and hardware isolation technologies.

Amazon Web Services (AWS)

AWS Nitro Enclaves uses the Nitro Hypervisor technology to provides CPU and memory isolation for EC2 instances. Enclaves are fully isolated virtual machines, hardened, and highly constrained. They have no persistent storage, no interactive access, and no external networking. Communication between your instance and your enclave is done using a secure local channel. Even a root user or an admin user on the instance will not be able to access or SSH into the enclave. Attestation through the Nitro Hypervisor allows you to verify the enclave’s identity and that only authorized code is running in your enclave. Enclaves are processor agnostic, and can be used across instances powered by different CPU vendors. They are also compatible with any programming language or framework.

Microsoft Azure

Azure VMs based on AMD EPYC 3rd generation CPUs allow you to lift and shift applications without requiring any changes to code, and encrypt your entire VM at runtime. The keys used for this RAM encryption are generated inside the CPU and never leave it. Azure VMs based on Intel SGX allow for confidentiality and customization down to the application level, lifting-and-shifting existing applications into secure enclaves.

The Open Enclave SDK is a hardware-agnostic open source library for developing applications that utilize hardware-based TEEs or enclaves.


The Fortanix Confidential Computing Manager enables applications to run in confidential computing environments, verifies the integrity of those environments, and manages the enclave application lifecycle. The solution orchestrates critical security policies such as identity verification, data access control, and code attestation for enclaves that are required for confidential computing.

Confidential Computing Consortium

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration. It brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

Primers are curated content, periodically updated, and serve to get you started on the topic of interest (aka go down the rabbit hole ;))

Subscribe to alphasec

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.