Do you want to understand how confidential computing works? Discover our open-source, hands-on series of tutorials to learn how to code secure enclaves!
- Confidential computing technologies are historically so recent that there is still very little content about them. Chief among them: do-it-yourself guides that would teach you how to launch your own enclave and properly set up the security.
This is why we started our own series of tutorials on Confidential computing!
A hands-on beginner guide
Our goal is to give developers a better understanding of this amazing security technology. By the end of all the tutorials, you'll know how to securely run an enclave, attest it, communicate with it, and store it.
We believe in learning by coding, so all the tutorials will be oriented toward implementing an application with Confidential computing. We'll go over how to build it, show how it works, and highlight its strengths and constraints.
- We recommend you do the tutorials in order - the whole structure has been thought out like chapters in a book.
- Experience in C/C++ and Linux is required to fully follow this series.
- Some intermediary knowledge of cryptography is also needed.
- Some parts will require specific machines to be run because Confidential computing is a hardware-based solution. We’ll explain which ones and how to set them up at the beginning of the tutorials.
As with all our projects, it is open-source. And because this one is a particularly big undertaking, it is still under construction.
What is Confidential Computing?
In typical workflows, data is encrypted when it is in transit and when it is at rest, but it is accessible clearly when being analyzed by software. Confidential computing is a fast-growing new technology that aims to tackle this problem and protect data during computation. It does so by relying on three key concepts: isolation, attestation, and runtime encryption.
To do so, it uses Trusted Execution Environments (TEEs), hardware-based secure environments. They are self-contained zones where the processor guarantees that the software running inside cannot be tampered with by the host operating system, hypervisor, and even its BIOS. The memory isolation provided by the hardware makes outside attempts to read or modify fail. A process called Attestation verifies the authenticity of the TEE, its configuration, and elements such as the application running in the TEE and the OS.
A Technology on the Rise
Confidential Computing has been gaining more and more traction and is driven today by the main hardware providers. Intel initially proposed Intel SGX in 2014 to secure processes. They were followed by AMD with SEV SNP to deploy confidential VMs. And Nvidia will release confidential GPUs in 2023.
It’s an exciting time to learn about Confidential Computing! We’re happy to take you with us on this journey to learn how to build confidential apps 🔥
Click here to discover the course and become a Confidential Computing wizard!
We wrote a lot of content about Confidential Computing:
- An Introduction to Confidential Computing
- A digest of the current ecosystem of Confidential Computing
- A guide to AMD’s confidential VMs: AMD-SEV
- An overview of the enclave pioneer: Intel SGX
- A Breakdown to Amazon’s Take on Confidential Computing: Nitro Enclaves
Want to turn your SaaS into a zero-trust solution?
Image credits: Edgar Huneau