Confidential containers

Confidential Containers (CoCo) is a recent Cloud Native Computing Foundation (CNCF) project that uses CCEs to protect applications at the granularity of individual containers. CoCo aims to support all major CCE hardware foundations, namely AMD SEV, Intel TDX and Arm CCA, and also Intel SGX. However, the project clearly focuses on CVMs rather than on secure enclaves as its technological foundation.

In simplified terms, one can think of CoCo as "secure enclaves implemented with CVMs". Because a CVM is a full virtual machine with its own guest kernel rather than a restricted enclave, CoCo can run almost arbitrary, unmodified container images inside it. This is typically not possible with SGX-based enclaves, whose applications must be built against an enclave SDK or a library OS. The trust boundary in CoCo is therefore the CVM that hosts a pod sandbox, not an individual container: containers placed in the same pod share that boundary with each other.
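The following Kubernetes manifest is an added illustration, not configuration taken from the CoCo project, of how a pod is placed inside a CVM rather than in an ordinary container sandbox: the cluster exposes the CVM-backed runtime as a RuntimeClass, and a pod opts into it by name. The handler and RuntimeClass names (`kata-qemu-snp`), the image name and the labels are assumptions chosen for the example; a real deployment uses whatever RuntimeClass the installed CoCo runtime registers.

```yaml
# Added example, not CoCo's own manifests. Names below are assumptions.

# 1. The RuntimeClass is what maps "confidential" pods onto the CVM-backed
#    runtime handler on the node. In a real cluster this object is normally
#    created by the runtime's installer; it is shown here for completeness.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata-qemu-snp          # assumed name for an AMD SEV-SNP backed runtime
handler: kata-qemu-snp         # assumed CRI handler name configured in containerd
# Nodes without the matching hardware/runtime must not receive these pods,
# so the scheduler is constrained by a node label (assumed label key).
scheduling:
  nodeSelector:
    confidential.example.com/tee: amd-sev-snp
---
# 2. Selecting the RuntimeClass puts the WHOLE pod (all of its containers)
#    into one CVM. The CVM is the trust boundary; the two containers below
#    share it, so anything in the sidecar can see the main container's data.
apiVersion: v1
kind: Pod
metadata:
  name: payroll-worker
spec:
  runtimeClassName: kata-qemu-snp   # opt in to the CVM-backed sandbox
  containers:
    - name: worker
      image: registry.example.com/payroll/worker:1.4.2   # assumed image
      resources:
        limits:
          memory: "1Gi"             # sized for the guest; memory is encrypted by the CVM
    - name: log-forwarder
      image: registry.example.com/ops/log-forwarder:2.0  # assumed image
      # Shares the CVM with "worker": keep only containers that belong to the
      # same trust domain in a confidential pod.
```

Note that the manifest only controls where the workload runs. Whether the guest booted the expected image, kernel and policy is established separately through attestation of the CVM, and a practitioner should treat a pod as confidential only after that attestation has been verified, not merely because `runtimeClassName` was set.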