Security of Confidential Computing in Open Infrastructure

20 May 2022

Confidential computing isolates data and code in a secure domain during processing. This secure domain – also called a Trusted Execution Environment – is created using a combination of firmware and hardware features. In this post, we review the security considerations of Confidential Computing in Open Infrastructure projects.

Confidential Computing Platforms

Confidential Computing started off with process-based isolation, implemented in Intel SGX. Nowadays, vendors are introducing hardware and firmware support for virtualization-based confidential computing. Several Open Infrastructure projects have introduced support for confidential computing, and the work goes on, motivated by strong interest from the user community. Since the Train release, OpenStack supports launching virtual machines with memory protection. The Kata Containers community has been integrating support for virtualization-based confidential computing since early 2021. Right now it focuses on IBM Protected Execution Facility (IBM PEF) and AMD Secure Encrypted Virtualization (AMD SEV). Another upcoming technology is Intel Trusted Domain Extensions (Intel TDX). Support for Intel TDX is also in scope but lags behind, since the hardware is not available yet. We hope to see other technologies – such as ARM Confidential Computing Architecture (ARM CCA) – also supported by Kata Containers once hardware becomes available. While the range of supported confidential computing features is already extensive, the Kata backlog is full of exciting issues to work on.

Diverse Implementations

As often happens with paradigm-changing technologies, implementing support for confidential computing is a bumpy ride: the technology stack supporting confidential computing is eclectic; moreover, threat models, implementations and functionality vary across vendor platforms, resulting in diverging capabilities, trade-offs and security guarantees. This diversity is a good thing, since it allows addressing a more diverse set of use cases. However, making the right choices that enable new security features without compromising functionality is hard. To do this, it helps to understand the capabilities and limitations of each confidential computing technology. The table below reviews several aspects across four leading enterprise server architectures for confidential computing.

Feature support

  • Memory encryption is supported on most architectures, except for IBM PEF which opted for memory isolation (at least in OpenPOWER 9).
  • Remote attestation is a defining feature of confidential computing. It helps to establish trust between the end user and the execution environment, by allowing end users to obtain a verifiable claim about the security properties of the trusted execution environment. Imagine the padlock in a web browser showing that an HTTPS connection is protected – except that this time it’s for workloads running in the cloud.
  • Secure Direct Memory Access to confidential computing environments is tricky. So far, only ARM CCA provides for it, and only in its specifications.
  • Migration of Confidential Computing VMs has patchy support across the board; it is supported by AMD SEV-SNP and Intel TDX (in its specifications), is undefined for ARM CCA and is not supported out of the box in IBM PEF (at least according to a recent academic paper).
  • Finally, an open implementation helps both wider community adoption and building trust in the solution. Out of the four leading enterprise server architectures, only the IBM PEF ultravisor is available as open source, while the ARM CCA specification is available to licensees. Neither the AMD SEV-SNP nor the Intel TDX implementation is openly available at this point.

[Table: feature support per architecture, with rows Memory Encryption, Remote Attestation, Secure DMA and VM Migration. The cell values were lost in extraction and are not reproduced here; the bullets above summarise the same comparison.]

Knowing the capabilities, trade-offs and limitations of confidential computing technologies in depth is crucial to making full use of the functionality of each platform – whether it is Intel SGX, AMD SEV-SNP, IBM PEF, or the upcoming Intel TDX and ARM CCA. Thoughtful selection of the confidential computing technology can help address customer requirements with the best security guarantees and broadest functionality.

CanaryBit uses this expertise to build its Confidential Cloud platform for secure data sharing. Confidential Cloud currently supports Intel SGX and AMD SEV-SNP, and we are working on adding IBM PEF, Intel TDX and ARM CCA functionality whenever hardware support becomes broadly available. In a follow-up blog post, we will review several use cases that can be addressed using confidential computing support in OpenStack and Kata containers. We already address some of them at CanaryBit through our confidential data collaboration SaaS.

(This post was first released on Medium for the Kata Containers Community)
