Standardisation of Trusted Execution Environments / Confidential Computing

Until recently, data protection relied on two pillars: protection of data at rest and in transit. However, data remained unprotected during processing, leaving it vulnerable in shared computing environments, such as cloud computing. More recently, this shortcoming was addressed by Trusted Execution Environments capable of executing arbitrary code. Today, any user can leverage the capabilities of Trusted Execution Environments to protect data in use, closing the end-to-end data protection cycle.

Currently, all major enterprise server vendors have announced Confidential Computing solutions: AMD (with the SEV-SNP technology), ARM (with the CCA technology), IBM (with the PEF technology) and Intel (with its SGX and TDX solutions). Moreover, confidential computing capabilities have been announced for GPUs by NVIDIA. Alas, the architectures and approaches for confidential computing standardisation are diverse and often incompatible.

This growth in confidential computing deployments has led to a broad and diverse need for standardisation. Today, standardisation of software support for confidential computing takes place in the Internet Engineering Task Force (IETF), namely in the Trusted Execution Environment Provisioning (TEEP) working group (WG) and the Remote ATtestation procedureS (RATS) WG. Both groups have already adopted documents: Trusted Execution Environment Provisioning (TEEP) Architecture (RFC 9397) and Remote ATtestation procedureS (RATS) Architecture (RFC 9334). Moreover, there are 15+ additional documents under active development.

Along with the IETF, the Confidential Computing Consortium (CCC) and its individual member organizations are actively working on promoting the adoption of Confidential Computing. One such initiative is the CSA Confidential Computing working group, which recently started work on adding Confidential Computing considerations to the CSA Cloud Controls Matrix.

Confidential Computing technology will continue to evolve and be adopted as more cloud deployments undergo hardware upgrades. This will in turn require further integration with existing standards and control frameworks from international standards organizations (such as the IETF), industry consortia (such as the CCC) and national or international regulators (ENISA in the EU or NIST in the United States of America).