What is confidential computing

Confidential computing is a technology that shields computer workloads from their environments. The pressing and previously unsolved problem that confidential computing addresses is the following: How to process data on compute infrastructure that is potentially compromised.

Confidential computing is made possible by the compute hardware: The processor (or CPU) of a system creates a highly secure environment for data processing. Such execution environments are often referred to as trusted execution environments (TEEs). However, the term TEE is not clearly defined and is used in different ways in the literature. Thus, we use the term confidential computing environment (CCE) to refer to TEEs with properties specific to confidential computing.

In a nutshell, these properties are:

• Runtime encryption
• Remote attestation
• Isolation

Runtime encryption is what most people associate with confidential computing. However, the other two properties are at least as important. Without them, confidential computing does not work. Check the corresponding wiki pages to learn why.