VM (Virtual Machine) based confidential computing such as Intel TDX provides an isolated, encrypted runtime environment built on hardware Trusted Execution Environment (TEE) technology. Bringing cloud native computing into a confidential environment involves many different PaaS frameworks, such as confidential clusters and confidential containers, which complicates both enablement and TEE measurement. This project uses cloud native design patterns to implement the confidential computing primitives: event log, measurement, quote and attestation. It also provides new feature designs to address new challenges such as how to auto-scale trustworthily and how to reduce the TCB size.
NOTE: For Intel TDX, this project builds on the Linux TDX software stack at tdx-tools; the corresponding white paper is Whitepaper: Linux* Stacks for Intel® Trust Domain Extension 1.0.
Note: This is pre-release/prototype software and, as such, it may be substantially modified as updated versions are made available.
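The primitives named above (event log, measurement, quote) fit together in one well-known check: a verifier replays the event log by re-applying each recorded measurement to a fresh runtime measurement register and compares the result with the register values carried in the quote. The example below is added here to illustrate that replay; it is not code from this project or from tdx-tools. It implements the TDX RTMR extend rule (new = SHA-384(old || digest), 48-byte registers starting at all zeros) over a constructed event log; the event type names follow TCG conventions, while the component contents, descriptions and RTMR assignments are illustrative assumptions, and `sample_quoted_rtmrs()` stands in for values that would really be parsed out of a TD quote.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

RTMR_SIZE = 48   # SHA-384 digest length; TDX RTMRs are 48-byte registers
NUM_RTMRS = 4    # TDX exposes RTMR[0..3]


@dataclass(frozen=True)
class EventLogEntry:
    """One measurement event: which RTMR it extended and with what digest."""
    rtmr_index: int
    event_type: str      # TCG-style event type label
    digest: bytes        # 48-byte SHA-384 measurement of the component
    description: str


def measure(blob: bytes) -> bytes:
    """Measurement of a component: its SHA-384 digest."""
    return hashlib.sha384(blob).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """RTMR extend operation: new_value = SHA-384(old_value || digest)."""
    if len(register) != RTMR_SIZE or len(digest) != RTMR_SIZE:
        raise ValueError(f"register and digest must each be {RTMR_SIZE} bytes")
    return hashlib.sha384(register + digest).digest()


def replay_event_log(entries: List[EventLogEntry]) -> List[bytes]:
    """Recompute all RTMRs from zero by replaying the event log in order."""
    rtmrs = [bytes(RTMR_SIZE)] * NUM_RTMRS   # every RTMR starts as 48 zero bytes
    for entry in entries:
        if not 0 <= entry.rtmr_index < NUM_RTMRS:
            raise ValueError(f"invalid RTMR index {entry.rtmr_index}")
        rtmrs[entry.rtmr_index] = extend(rtmrs[entry.rtmr_index], entry.digest)
    return rtmrs


def verify_event_log(entries: List[EventLogEntry],
                     quoted_rtmrs: List[bytes]) -> Dict[int, bool]:
    """Per-RTMR result of comparing the replayed log with the quoted values.

    A False entry means the log does not explain that register: an event was
    altered, dropped, reordered or never logged, so the log cannot be trusted
    as a description of what was actually measured.
    """
    replayed = replay_event_log(entries)
    return {i: replayed[i] == quoted_rtmrs[i] for i in range(NUM_RTMRS)}


# Constructed sample event log (contents and assignments are illustrative).
SAMPLE_LOG = [
    EventLogEntry(0, "EV_EFI_PLATFORM_FIRMWARE_BLOB2", measure(b"sample virtual firmware"), "TD virtual firmware"),
    EventLogEntry(1, "EV_EFI_BOOT_SERVICES_APPLICATION", measure(b"sample kernel image"), "guest kernel"),
    EventLogEntry(2, "EV_EVENT_TAG", measure(b"console=ttyS0 root=/dev/vda1"), "kernel command line"),
    EventLogEntry(3, "EV_EVENT_TAG", measure(b"sample container runtime"), "container runtime"),
    EventLogEntry(3, "EV_EVENT_TAG", measure(b"sample workload image"), "workload image"),
]


def sample_quoted_rtmrs() -> List[bytes]:
    """Stand-in for the RTMR values a verifier would parse from a TD quote."""
    return replay_event_log(SAMPLE_LOG)


def tampered_log() -> List[EventLogEntry]:
    """Same log, but the kernel command line event reports a different digest."""
    entries = list(SAMPLE_LOG)
    original = entries[2]
    entries[2] = EventLogEntry(original.rtmr_index, original.event_type,
                               measure(b"console=ttyS0 root=/dev/vda1 init=/bin/sh"),
                               original.description)
    return entries


if __name__ == "__main__":
    quoted = sample_quoted_rtmrs()
    print("genuine log:   ", verify_event_log(SAMPLE_LOG, quoted))
    print("tampered log:  ", verify_event_log(tampered_log(), quoted))
    print("truncated log: ", verify_event_log(SAMPLE_LOG[:-1], quoted))
```

The verification is only meaningful once the quote itself has been checked (its signature and the TD's identity and version fields), since the quoted RTMR values are what anchor the replay in hardware; the log on its own is just untrusted input. A mismatch on a single register tells the verifier which stage of the boot or workload the log fails to account for.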