Use Case 2:

This use-case will provide enablement for confidential computing in the form of a defined platform that can be applied in the telecom clouds.

A current problem with confidential computing is that in many cases it depends on new hardware architectures – notably Intel’s TDX and AMD’s SEV. Industry moves towards VM-based Trusted Execution Environments, but their enablement is still in the early phases. Open-source projects – like RedHat’s Enarx69 and ARM’s Veracruz70 – are working on the subject, but have approaches that need more research.

Big cloud companies – like Microsoft, Google and Amazon – only recently introduced confidential computing support, and this support is currently limited in many aspects. Microsoft Azure and Google

Cloud Platform offer so-called Confidential VMs, but remote attestation APIs and capabilities are not satisfying. None of the cloud providers offer Confidential Containers71 and Kubernetes support for VM, although Apple is working on a version with Kata containers72.

This use-case will leverage the cryptographic enablers and confidential toolkit developed in WP2, confidential computing HW platform abstractions and remote attestation handling developed in WP3 and confidential networking (especially quantum-safe TLS) and orchestration developed in WP4 to provide easy enablement of Intel and AMD VMs in an automated manner (via Ansible or similar scripts and cloud APIs). After that, confidential container support in Kubernetes will be developed, so that Kubernetes clusters can be formed with confidential VMs. Finally, application of Software Management Agent within the enclave will ensure secure TLS connections between VMs, secure key and certificate exchange and remote attestation handling.