Confidential Computing
Principles and Technology
- 1st Edition - September 1, 2026
- Latest edition
- Author: Jiewen Yao
- Language: English
Description
At present, major companies are launching their own confidential computing solutions, which poses significant challenges to users. This book summarizes the common designs of the various mainstream TEE hardware and explains their commonalities to help readers understand the working principles of TEE hardware, enabling users to define TEE usage scenarios through these abstract commonalities.
Confidential Computing: Principles and Technology comprehensively introduces the design principles and usage methods of TEEs in terms of security models, lifecycle, attestation models, attack methods, and mitigation strategies, helping readers understand the security attributes and implementation points of confidential computing. At the same time, the book takes the TEEs provided by the mainstream X86, ARM, and RISC-V architectures as examples to analyze the specific implementation methods of hardware TEEs and their similarities and differences, helping users understand the advantages and disadvantages of the different implementations, and aiming to provide some inspiration for future TEE software and hardware designers.
Key features
- Provides a common confidential computing TEE model and principles
- Covers different solutions, including X86 (SGX, TDX, SEV), ARM and RISC-V
- Includes different attacks and mitigation examples
- Reviews both TEE and advanced TEE-IO solutions, including the industry standards from TCG, DMTF, PCI, and CXL
Readership
Programmers who are not satisfied with just using existing software SDKs, but are deeply interested in technology and want to understand the working principles behind programs
Table of contents
1. Introduction to Privacy Computing
1.1 Goal of Privacy Computing
1.2 Privacy Computing Technology
1.2.1 Homomorphic Encryption
1.2.2 Secure Multi-Party Communication
1.2.3 Zero Knowledge Proof
1.2.4 Differential Privacy
1.3 Application of Privacy Computing
2. Introduction to Confidential Computing
2.1 Concept of Confidential Computing
2.2 Hardware TEE Classification
2.3 Software Implementation
2.4 Application of Confidential Computing
3. Confidential Computing Model
3.1 Security Model
3.1.1 Common Confidential Computing Security Model
3.1.2 About TEE Privilege
3.1.3 About TEE-TCB Scope
3.1.4 About RoT
3.2 Threat Model
3.2.1 Threat Model in Scope
3.2.2 Threat Model out of Scope
3.2.3 Side-Channel Attack and Mitigation
3.3 Threat Model in Hardware TEE Examples
3.3.1 Intel SGX
3.3.2 Intel TDX
3.3.3 AMD SEV
3.3.4 ARM RME
3.3.5 RISC-V CoVE
4. TEE Lifecycle
4.1 TEE Memory Layout
4.2 TEE Startup and Teardown
4.3 Lifecycle in Hardware TEE Examples
4.3.1 Intel SGX
4.3.2 Intel TDX
4.3.3 AMD SEV
4.3.4 ARM RME
4.3.5 RISC-V CoVE
5. TEE Attestation Model
5.1 Real Life Attestation
5.2 Common Model in Attestation
5.2.1 Evidence Generating and Conveying
5.2.2 Evaluating
5.2.3 Attestation Result Conveying
5.3 Other Topics
5.3.1 Non Measurement Solution in Runtime Environment
5.3.2 Remote Attestation based Secure Communication Protocol
5.4 Attestation in Hardware TEE Examples
5.4.1 Intel SGX
5.4.2 Intel TDX
5.4.3 AMD SEV
5.4.4 ARM RME
5.4.5 RISC-V CoVE
6. TEE Special Function
6.1 Sealing
6.1.1 TPM Sealing and DICE Sealing
6.1.2 TEE Sealing
6.2 Nested TEE
6.2.1 Intel TDX TD-Partitioning
6.2.2 AMD SEV Virtual Machine Privilege Level
6.3 Virtual TPM
6.3.1 TEE based vTPM
6.3.2 Nested TEE based vTPM
6.4 Live Migration
6.4.1 Live Migration Introduction
6.4.2 Intel TDX Live Migration
6.4.3 AMD SEV Live Migration
6.5 Runtime Update
7. Software Development
7.1 TEE Software Use Case
7.2 Software in Confidential VM
7.2.1 VMM
7.2.2 Virtual Firmware
7.2.3 Tenant OS
7.2.4 L1-VMM
7.2.5 TSM
7.3 Software in Secure Enclave
7.3.1 LibOS
7.3.2 Enclave Software Stack
7.4 TEE Remote Attestation
7.4.1 vTPM
7.4.2 Attestation and Appraisal
7.4.3 Policy Engine
7.5 TEE Secure Communication
7.6 TEE Data Security
7.6.1 Key Broker Service
7.6.2 Image Management Service
8. TEE Attack and Mitigation
8.1 Attack Method
8.1.1 Software Attack
8.1.2 Crypto Algorithm and Protocol Attack
8.1.3 Side Channel Attack and Fault Injection
8.1.4 Simple Physical Attack
8.2 Defense Principle
8.2.1 Secure Software Design
8.2.2 Secure Crypto Application
8.2.3 Side Channel Attack and Fault Injection Mitigation
8.2.4 Simple Physical Attack Mitigation
8.3 TEE Specific Attack and Mitigation
8.3.1 SGX
8.3.2 TDX
8.3.3 SEV
9. Confidential Computing TEE-IO Model
9.1 TEE-IO Security Model
9.1.1 Common TEE-IO Security Model
9.1.2 TEE-IO Components
9.1.3 TEE-IO Communication Protocols
9.1.4 TEE-IO Resource Classification
9.1.5 TEE-IO Key Management
9.2 TEE-IO Threat Model
9.2.1 Threat Model in Scope
9.2.2 Security Requirement on Device Side
9.2.3 Security Requirement on Host Side
9.3 TEE-IO Host Examples
9.3.1 Intel TDX Connect
9.3.2 AMD SEV TIO
9.3.3 ARM RME-DA
9.3.4 RISC-V CoVE-IO
9.4 TEE-IO Device Example
10. TEE-IO Life Cycle
10.1 TEE-IO Life Cycle Introduction
10.1.1 System and Device Initialization
10.1.2 SPDM Secure Session Establishment
10.1.3 IDE Secure Link Setup
10.1.4 TDI Lock and Attach
10.1.5 TDI Accept and Run
10.1.6 IDE Key Refresh
10.1.7 SPDM Key Refresh
10.1.8 TDI Detach
10.1.9 IDE Secure Link Teardown
10.1.10 SPDM Secure Session Termination
10.2 Error Handling
10.2.1 Error Trigger
10.2.2 Error Report
10.2.3 Error Recovery
10.3 TEE-IO Device Life Cycle Example
11. TEE-IO Attestation Model
11.1 Attestation from TVM to Device
11.1.1 Evidence Generating and Conveying
11.1.2 Evaluating
11.1.3 Attestation Result Conveying
11.2 Attestation from Third Party to TVM with device binding
11.2.1 Evidence Generating and Conveying
11.2.2 Evaluating
11.3 Device and Host Mutual Attestation
11.4 TEE-IO Device Attestation Example
12. TEE-IO Special Function
12.1 TEE-IO Device Resiliency
12.2 TEE-IO Device Runtime Update
12.2.1 Runtime Update Policy
12.2.2 Update Policy Verification
12.2.3 Updated Firmware Attestation
12.3 PCIe Peer to Peer
12.4 CXL Device
12.4.1 CXL HDM Security Model
12.4.2 CXL HDM Threat Model
13. TEE-IO Software Development
13.1 TEE-IO Software Use Case
13.2 Confidential VM
13.3 TEE-IO Device Attestation
13.4 TEE-IO Secure Communication
14. TEE-IO Attack and Mitigation
14.1 Attack Method
14.1.1 TEE-IO Host Side Attack
14.1.2 TEE-IO Device Communication Attack
14.1.3 TEE-IO Device Side Attack
14.2 Defense Principle
14.2.1 TEE-IO Host Side
14.2.2 TEE-IO Device Communication
14.2.3 TEE-IO Device Side
Product details
- Edition: 1
- Latest edition
- Published: September 1, 2026
- Language: English
About the author
Jiewen Yao
Jiewen Yao is a Principal Engineer at Intel Corporation, focusing on Secure Boot, Trusted Boot, and Confidential Computing technologies. He is one of the architects of Intel's confidential computing technology TDX. He is the chair or co-chair of several industry standard working groups, including the UEFI Security Sub-Team, the TCG PC Client Working Group, the DMTF SPDM Code Task Force, and the RISC-V AP-TEE-IO Task Group. He received his bachelor's degree from Fudan University and an engineering master's degree from Shanghai Jiao Tong University.
Affiliations and expertise
Intel Corporation, China