Intel, Microsoft, Red Hat Open Source Tools for 'Confidential Computing'

Microsoft's Open Enclave architecture. Credit: MicrosoftMicrosoft's Open Enclave architecture. Credit: Microsoft

Members of the Linux Foundation, including Arm, Baidu, Google Cloud, Intel, Microsoft, Red Hat, Swisscom and Tencent, will start promoting the use of Trusted Execution Environments (TEEs), also called secure enclaves, for both cloud computing and PC applications.

The participants in the newly formed group, called the Confidential Computing Consortium, plan to make open source multiple projects related to securing data in use. Intel will open source the SDK for its Software Guard Extension (SGX) chip feature. 

The SGX solution protects sensitive code and data of an application from being stolen or modified by malicious actors that may have taken over the operating system or virtual machine. Applications such as the end-to-end encrypted messenger Signal use SGX for private contact discovery without the need for the server to store users’ contacts in plaintext and unprotected.

Microsoft also contributed the Open Enclave SDK, a framework for building app enclaves that work across various Trusted Execution Environment (TEE) architectures to the CCC. Each application that uses the Open Enclave SDK can be split into two components, an untrusted one that runs on the untrusted operating systems and a trusted one that’s protected from operating system malware.

Red Hat, which was recently acquired by IBM, will also contribute its own Enarx framework, which is similar to Microsoft’s Open Enclave, but more targeted at the Linux ecosystem and public cloud services.

Google also announced its own enclave framework for confidential computing last year, called Asylo. Gemalto, the largest provider of smart card and cell phone SIM chips, has already started using it to protect itself against sophisticated attacks. Asylo is open source but it hasn’t yet reached version 1.0 or anywhere close. This may be why the company has decided against contributing it to the CCC, at least for the time being.