Isolation

Each confidential computing environment (CCE) is logically isolated from all other software running on the system. This isolation is enforced by the CPU. For example, an Intel SGX enclave is isolated from the underlying operating system and hypervisor, as well as from other applications. In a nutshell, the CPU blocks all software-based accesses to a CCE, even those from highly privileged software. If privileged software tries to sidestep this mechanism by accessing a CCE's memory directly, it will only see encrypted data, thanks to runtime memory encryption.

Still, outside software can interact with a CCE over specific, well-defined interfaces. In essence, virtually every CCE exposes some form of API to the outside world. The operating system and other applications use this API to communicate with the CCE and to manage it (for example, to create, call into, and destroy it).
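For Intel SGX, the interface described above is declared in an Enclave Definition Language (EDL) file: `trusted` functions (ECALLs) are the only entry points the host can call into the enclave, and `untrusted` functions (OCALLs) are the only calls the enclave makes out to the host. The following EDL file is an added illustration, not code from the original page or from any particular project; the function names `ecall_process_request` and `ocall_log` are hypothetical.

```edl
/* Added example: a minimal SGX enclave interface definition (hypothetical names). */
enclave {
    /* Types used in the interface below must be declared or included here. */
    include "sgx_error.h"

    trusted {
        /* ECALL: the only way for host code to run code inside the enclave.
         * [in, size=len]  the SDK copies len bytes of the request INTO enclave
         *                 memory before the body runs, so the enclave never
         *                 dereferences a host-controlled pointer directly.
         * [out, size=out_len] the result is copied back OUT to host memory
         *                 after the call returns. */
        public sgx_status_t ecall_process_request(
            [in, size=len] const uint8_t* request, size_t len,
            [out, size=out_len] uint8_t* response, size_t out_len);
    };

    untrusted {
        /* OCALL: the enclave's only way to call out to the host, e.g. for logging.
         * [in, string] copies the NUL-terminated message out of the enclave;
         * anything passed here leaves the protected boundary, so it must not
         * contain secrets. */
        void ocall_log([in, string] const char* msg);
    };
};
```

The `sgx_edger8r` tool in the Intel SGX SDK generates host-side and enclave-side bridge code from this file, so the host can reach the enclave only through the declared ECALLs, and every pointer argument is bounds-checked and copied according to its annotations. From a defender's perspective the interface file is the place to review: each ECALL widens the attack surface, and each OCALL is a path by which data can leave the enclave.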