Axel Simon
Lily Sturmann

If you run software on someone’s servers, you have a problem. You can’t be sure your data and code aren’t being observed, or worse, tampered with — trust is your only assurance. But there is hope, in the form of Trusted Execution Environments (TEEs) and a new open source project, Enarx, that will make use of TEEs to minimize the trust you need to confidently run on other people’s hardware. This article delves into this problem, how TEEs work and their limitations, providing a TEE primer of sorts, and explaining how Enarx aims to work around these limitations. It is the next in a series that started with Trust No One, Run Everywhere–Introducing Enarx.

Source: Red Hat Emerging Technologies

Link: https://next.redhat.com/2019/12/02/current-trusted-execution-environment-landscape/

Mike Bursell

Yesterday, Nathaniel McCallum and I presented a session “Confidential Computing and Enarx” at Open Source Summit Europe. As well as some new information on the architectural components for an Enarx deployment, we had a new demo. What’s exciting about this demo is that it shows off attestation and encryption on Intel’s SGX. Our initial work focussed on AMD’s SEV, so this is our first working multi-platform workflow. We’re very excited, and particularly as this week a number of the team will be attending the first face to face meetings of the Confidential Computing Consortium, at which we’ll be submitting Enarx as a project for contribution to the Consortium.

Source: Alice, Eve and Bob – a security blog

Link: https://aliceevebob.com/2019/10/29/enarx-goes-multi-platform/

The Linux Foundation recently formed the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Red Hat and other organizations deeply interested in breathing life into confidential computing solutions are coming together to advance the capabilities of secure computing through the use of Trusted Execution Environments (TEEs).

Source: Red Hat's Blog

Link: https://www.redhat.com/en/blog/confidential-computing-next-new-norm-red-hat

Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the Confidential Computing Consortium, this industry group's goals will be to come up with strategies and tools to accelerate the adoption of "confidential computing."

Source: ZDNet

Link: https://www.zdnet.com/article/intel-ibm-google-microsoft-others-join-new-security-focused-industry-group/

When it comes to data security, there are two standard states where encryption is applied — at rest and in motion. When data is in use, however, it is most often left unencrypted. The Linux Foundation has assembled the Confidential Computing Consortium to define and accelerate the adoption of encrypted data in use, or “confidential computing.”

Source: The New Stack

Link: https://thenewstack.io/linux-foundation-forms-the-confidential-computing-consortium-to-protect-data-in-use/

The Linux Foundation today announced the intent to form the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Companies committed to this work include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

Source: Linux Foundation

Link: https://www.linuxfoundation.org/press-release/new-cross-industry-effort-to-advance-computational-trust-and-security-for-next-generation-cloud-and-edge-computing/

Mike Bursell
Nathaniel McCallum

Today, the Linux Foundation announced the intent to form the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. As it so happens, I recorded this podcast at devconf.us last week with Red Hat security experts Mike Bursell and Nathaniel McCallum in which we discuss Red Hat Enarx, a project for providing hardware independence for securing applications using Trusted Execution Environments (TEE). It’s one of the projects that will be contributed to this consortium. We also cover broader issues of trust and open source security.

Source: Innovate @Open

Link: http://bitmason.blogspot.com/2019/08/trust-enarx-and-tees-and-open-source.html

Enarx - Attested, Secured Execution with AMD’s SEV - Nathaniel McCallum, Red Hat, Inc. & David Kaplan, Advanced Micro Devices, Inc.

AMD SEV (Secure Encrypted Virtualization) is a new CPU security technology available in AMD's EPYC processors and provides new levels of protection for virtualized workloads. AMD SEV can encrypt the memory and register state of VMs individually, isolating them from the hypervisor. Enarx is an open source project led by Red Hat, leveraging TEEs, and providing attestation and protection for run-time workloads. It is written in Rust and aims to reduce the number of trust relationships required when running executables in the private or public cloud. It currently supports AMD SEV, and this session will: a) Discuss SEV capabilities and roadmap; b) Introduce the Enarx architecture; c) Present some of the components of Enarx; d) Show a demonstration of an early set of Enarx capabilities.

Source: Linux Security Summit 2019

Link: https://www.youtube.com/watch?v=0-ISmJNxGiY