Devconf.cz 2023

Confidential Computing is a set of technologies such as memory encryption that can be used to protect data in use.

This technology can be used in a number of ways, notably to implement Confidential Virtual Machines, Confidential Containers and Confidential Clusters. This talk explores the various chains of trust required to preserve confidentiality in each of these use cases. In each scenario, we will describe the root of trust, what is being proven, who verifies the proof, and what a successful verification allows, We will discuss techniques and technologies such as local and remote attestation, firmware-based certification, the use and possible implementations of a virtual TPM, attested TLS. We will also discuss the different requirements to attest an execution environment, a workload, a user, or a node joining a cluster.