Confidential Computing Consortium Establishes Formation With Founding Members And Open Governance Structure

Posted by The Linux Foundation

The Confidential Computing Consortium, a Linux Foundation project and community dedicated to defining and accelerating the adoption of confidential computing, today announced the formalization of its organization with founding premiere members Alibaba, Arm, Google Cloud, Huawei, Intel, Microsoft and Red Hat. General members include Baidu, ByteDance, decentriq, Fortanix, Kindite, Oasis Labs, Swisscom, Tencent and VMware.

The intent to form the Confidential Computing Consortium was announced at Open Source Summit in San Diego earlier this year. The organization aims to address data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system, reducing exposure to sensitive data and providing greater control and transparency for users. This is among the very first industry-wide initiatives to address data in use, as current security approaches largely focus on data at rest or data in transit. The focus of the Confidential Computing Consortium is especially important as companies move more of their workloads to span multiple environments, from on premises to public cloud and to the edge.

With the formalization of the group, the open governance structure is established and includes a Governing Board, a Technical Advisory Council and a separate oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing. The Consortium is funded by membership dues.

Contributions to the Confidential Computing Consortium already include:

• Software Guard Extensions (Intel SGX) SDK, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.
• Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
• Enarx, a project providing hardware independence for securing applications using TEEs.

The Consortium is a Bronze sponsor of Open Source Summit Europe and will be host three sessions, beginning with a session on how to approach security for data in use and a Birds of a Feather (BoF) session on Monday, October 28 and a panel about the state of the Consortium on Tuesday, October 29.

―CT Bureau