ConfidentialComputing's repositories
ARM-CCA-Related
ARM CCA
islet-linux
ISLET is a project to enable on-device confidential computing for end users by leveraging ARMv9 CCA that is the newly emerging confidential computing hardware on ARM devices. Using the hardware support, ISLET enables a Trusted Execution Environment (TEE) on user’s devices within which users can securely process, store, communicate and manage their private data. The protection provided by ISLET applies not only to data-at-rest but also to data-in-use even in the presence of malicious privileged software on devices. We develop components enabling Realm Virtual Machines (VMs), which are secure VM-level TEE provided by ARMv9 CCA. To manage Realm VMs, Realm Management Monitor (RMM) is needed to be running at EL2 in the Realm world. Although the Monitor firmware is available as an open source, there is no functional Realm Management Monitor (RMM) code available yet. ISLET provides the implementation of RMM that is written in Rust.
islet
ISLET is a project to enable on-device confidential computing for end users by leveraging ARMv9 CCA that is the newly emerging confidential computing hardware on ARM devices. Using the hardware support, ISLET enables a Trusted Execution Environment (TEE) on user’s devices within which users can securely process, store, communicate and manage their private data. The protection provided by ISLET applies not only to data-at-rest but also to data-in-use even in the presence of malicious privileged software on devices. We develop components enabling Realm Virtual Machines (VMs), which are secure VM-level TEE provided by ARMv9 CCA. To manage Realm VMs, Realm Management Monitor (RMM) is needed to be running at EL2 in the Realm world. Although the Monitor firmware is available as an open source, there is no functional Realm Management Monitor (RMM) code available yet. ISLET provides the implementation of RMM that is written in Rust.
multizone-sdk
MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multiple equally secure worlds. Unlike antiquated hypervisor-like solutions, MultiZone is self-contained, presents an extremely small attack surface, and it is policy driven, meaning that no coding is required – and in fact even allowed. MultiZone works with any 32-bit or 64-bit RISC-V processors with standard Physical Memory Protection unit (PMP) and “U” mode.
rust-sgx
The Fortanix Rust Enclave Development Platform
arm-trusted-firmware
Read-only mirror of Trusted Firmware-A
aws-nitro-enclaves-workshop
AWS Nitro Enclaves Workshop
bcc
BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
BigDL
Accelerate LLM with low-bit (INT3 / INT4 / NF4 / INT5 / INT8) optimizations using bigdl-llm
certifier-framework-for-confidential-computing
The Confidential Computing Certifier Framework consists of a client API called the Certifier-API and server-based policy evaluation called the Certifier Service. It simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing support for scalable, policy-driven trust management including
confidential-cloud-native-primitives
Landing Confidential Computing into Cloud Native Computing
ima-evm-utils
Primary ima-evm-utils repo
incubator-teaclave
Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
islet-asset
ISLET is a project to enable on-device confidential computing for end users by leveraging ARMv9 CCA that is the newly emerging confidential computing hardware on ARM devices. Using the hardware support, ISLET enables a Trusted Execution Environment (TEE) on user’s devices within which users can securely process, store, communicate and manage their private data. The protection provided by ISLET applies not only to data-at-rest but also to data-in-use even in the presence of malicious privileged software on devices. We develop components enabling Realm Virtual Machines (VMs), which are secure VM-level TEE provided by ARMv9 CCA. To manage Realm VMs, Realm Management Monitor (RMM) is needed to be running at EL2 in the Realm world. Although the Monitor firmware is available as an open source, there is no functional Realm Management Monitor (RMM) code available yet. ISLET provides the implementation of RMM that is written in Rust.
linux-image-5.19
linux-image-5.19 for guest and host
linux-svsm
Linux SVSM (Secure VM Service Module) for secure x86 virtualization in Rust
nvtrust
Ancillary open source software to support confidential computing on NVIDIA GPUs
oak
Meaningful control of data in distributed systems.
open-gpu-kernel-modules
NVIDIA Linux open GPU kernel module source
snpguest
A CLI tool for interacting with SEV-SNP guest environment
stet
Split-Trust Encryption Tool for ubiquitous data encryption.
tdx-tools
Cloud Stack and Solutions for Intel TDX (Trust Domain Extension)
trillian
A transparent, highly scalable and cryptographically verifiable data store.
volatility
An advanced memory forensics framework