Skip to content
@cc-api

Confidential Computing API

Reduce the complexity of various cloud frameworks and TEE engines

Welcome to Confidential Computing API Group

The CC (Confidential Computing) API Group is a community to accelerate the adoption of confidential computing technology in cloud environments. It serves as a central gathering place for specs, code, documentation, and ideas.

Welcome to contribute efforts for a common goal of confidential computing technology adoption!

Goals

  1. Define unified and vendor agnostic APIs to collect evidences cross cloud architecture which can be found in the spec and evidence-api. Welcome to propose and define more APIs.

    NOTE:

    • Please get detail Confidential computing use cases for confidential virtual machine (CVM), confidential workload (CW), confidential containers (CCn), confidential cluster (CCl).
    • Confidential Container is ignored here, because it can be regarded as "Confidential VM" from the perspective of measurement and attestation. And Confidential Container is not a good and recommended deployment type for a scalable kubernetes environment due to long latency for POD startup.
  2. Provide stacked measurement frameworks to gether node level evidence and container level evidence for workloads. The evidence can be used to complete remote attestation or other verification based on the business needs.

  3. Provide easy-to-use tools and examples of building trust chain in multiple deloyment flavors of confidential computing environments.

    NOTE:

    • CVM Image Rewriter - Create and customize the confidential VM's qcow2 image including IMA policy, initrd, device permission etc.
    • CC Cloud Automation - Automation framework & tools which supporting diverse confidential cloud flavors like confidential VM/cluster/container/FaaS etc.
  4. Provide the reference design of confidential AI/GenAI loader on model/data protections.

Getting Started

Use Case 1: Node Level Measure in Confidential VM

  1. Create a confidential VM on Google or Azure:
  2. Run cc-measure tool in CVM
  3. Evaluate the node measurement log

Use Case 2: Container Level Measure in Confidential Cluster

Please refer Container Measurement Quick Start - how to prepar a CVM guest image, create a CVM and gather measurement, eventlogs for containers.

More

Please find more introduction to the repositories here.

Join the community

Community Meetings

  • Welcome to join the community meetings. The meeting calendar and agenda can be found here.

More Information

Pinned Loading

  1. community community Public

    1

  2. evidence-api evidence-api Public

    Unified API to Access TCG Compliant measurement, event log, quote in Confidential Computing Environment.

    Python 33 20

  3. container-integrity-measurement-agent container-integrity-measurement-agent Public

    Build Trusted Chain for Cloud Native in Confidential Computing Envrionment

    Rust 16 10

  4. cc-trusted-vmsdk cc-trusted-vmsdk Public

    VMSDK implements the Evidence API

    Python 7 9

  5. confidential-cluster confidential-cluster Public

    Trusted Kubernetes Cluster for Confidential Computing

    Shell 1 2

  6. cvm-image-rewriter cvm-image-rewriter Public

    CVM image customization tool for confidential computing environment

    Shell 1 5

Repositories

Showing 10 of 19 repositories
  • evidence-api Public

    Unified API to Access TCG Compliant measurement, event log, quote in Confidential Computing Environment.

    cc-api/evidence-api’s past year of commit activity
    Python 33 Apache-2.0 20 5 1 Updated Nov 6, 2024
  • container-integrity-measurement-agent Public

    Build Trusted Chain for Cloud Native in Confidential Computing Envrionment

    cc-api/container-integrity-measurement-agent’s past year of commit activity
    Rust 16 Apache-2.0 10 2 1 Updated Oct 16, 2024
  • .github Public

    public .github repository for cc-api

    cc-api/.github’s past year of commit activity
    0 0 0 0 Updated Sep 12, 2024
  • qemu Public Forked from qemu/qemu

    Official QEMU mirror. Please see https://www.qemu.org/contribute/ for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.

    cc-api/qemu’s past year of commit activity
    C 0 5,706 0 0 Updated Sep 6, 2024
  • libvirt Public Forked from libvirt/libvirt

    Read-only mirror. Please submit merge requests / issues to https://gitlab.com/libvirt/libvirt

    cc-api/libvirt’s past year of commit activity
    C 0 LGPL-2.1 698 0 0 Updated Sep 6, 2024
  • linux Public Forked from torvalds/linux

    Linux kernel source tree for cc-api

    cc-api/linux’s past year of commit activity
    C 0 56,145 0 0 Updated Sep 6, 2024
  • cc-api/community’s past year of commit activity
    0 Apache-2.0 1 0 0 Updated Aug 27, 2024
  • cvm-image-rewriter Public

    CVM image customization tool for confidential computing environment

    cc-api/cvm-image-rewriter’s past year of commit activity
    Shell 1 5 0 0 Updated Aug 27, 2024
  • kubevirt-cvm Public

    Extend KubeVirt capability of managing CVM as a deployment flavor of confidential computing cloud native use cases.

    cc-api/kubevirt-cvm’s past year of commit activity
    2 Apache-2.0 1 0 0 Updated Aug 22, 2024
  • confidential-cluster Public

    Trusted Kubernetes Cluster for Confidential Computing

    cc-api/confidential-cluster’s past year of commit activity
    Shell 1 Apache-2.0 2 1 2 Updated Aug 20, 2024

Most used topics

Loading…