Buckypaper

Buckypaper is a vendor-agnostic confidential virtualization and hyper-converged infrastructure platform that enables secure workload execution across on-premises, private, and public environments.

This documentation is a work in progress and subject to updates and revisions. Keep an eye out for version changes and new additions to ensure you have the latest information.

Introduction

Existing virtualization and hyper-converged infrastructure (HCI) platforms were designed around a trusted infrastructure assumption, where hypervisors, storage layers, and administrators inherently have access to workloads, data and AI models. This model creates fundamental security gaps: privileged insiders, compromised management planes, and infrastructure operators can access memory, disks, network, snapshots, and VM state, making it unsuitable for highly sensitive data and regulated workloads.

As organizations move to hybrid, multi-cloud, and outsourced IaaS environments, traditional virtualization and HCI platforms fail to provide strong isolation, workload ownership, and verifiable runtime integrity. They lack native support for confidential computing and require trust in the platform operator, so they cannot guarantee data confidentiality, code protection, or AI model secrecy when infrastructure is shared or externally managed. This directly conflicts with zero-trust and cloud sovereignty requirements.

Buckypaper

Buckypaper is an advanced confidential virtualization and hyper-converged infrastructure platform that delivers a unified, secure, and flexible computing environment. Designed for on-premises, private, and public cloud deployments, Buckypaper lets organizations virtualize their workloads seamlessly while keeping full control over data, code, and AI models.

Leveraging cutting-edge confidential computing and AI technologies, Buckypaper provides a foundation for high-security, privacy-focused, and zero-trust environments, ensuring that sensitive workloads are protected even in multi-tenant or hybrid cloud scenarios. With Buckypaper, enterprises can achieve cloud sovereignty and meet the most stringent regulatory requirements without compromising on scalability, performance, or operational simplicity.

Buckypaper allows third-party operators to provision, operate, and scale the infrastructure layer (IaaS), including hosts, hypervisors, and networking, without gaining access to plaintext data, code, model parameters, or runtime secrets. Remote attestation, secure boot, and key release policies ensure that cryptographic material is only made available to verified workloads: a key is released only after the workload's attested measurements and platform state satisfy the owner's policy. This prevents data leakage, limits what a malicious administrator can reach, and blocks cross-tenant attacks while preserving operational flexibility.
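The attestation-gated key release described above, as an added illustration of the pattern (not Buckypaper's own code or API). The evidence layout, policy fields and the HMAC used as a stand-in for a hardware attestation signature are all assumptions; the approved measurement and verifier key are constructed sample values.

```python
from __future__ import annotations
import hashlib
import hmac
import json

# Constructed stand-in for the vendor certificate chain a real AMD SEV / Intel TDX
# verifier would validate; here a shared secret signs and checks the evidence.
VERIFIER_KEY = b"constructed-verifier-key"

# Constructed: the measurement (hash) of the one VM image allowed to receive the key.
APPROVED_MEASUREMENT = hashlib.sha256(b"approved-vm-image-v1").hexdigest()

# Key release policy (assumed format): permitted platforms, allowed workload
# measurements, and mandatory platform state.
POLICY = {
    "platforms": {"amd-sev-snp", "intel-tdx"},
    "measurements": {APPROVED_MEASUREMENT},
    "require_secure_boot": True,
    "forbid_debug": True,
}

def sign_evidence(claims: dict) -> dict:
    """Constructed stand-in for hardware-signed evidence: canonical JSON + HMAC."""
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}

def evaluate_release(evidence: dict, policy: dict) -> tuple[bool, str]:
    """Return (release?, reason). Fails closed: any missing or failing check denies."""
    claims = evidence.get("claims", {})
    body = json.dumps(claims, sort_keys=True).encode()
    expected = hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()
    # Verify the evidence signature first; unsigned claims are worthless.
    if not hmac.compare_digest(expected, evidence.get("sig", "")):
        return False, "evidence signature invalid"
    if claims.get("platform") not in policy["platforms"]:
        return False, "platform not permitted"
    if claims.get("measurement") not in policy["measurements"]:
        return False, "workload measurement not in allowlist"
    if policy["require_secure_boot"] and not claims.get("secure_boot"):
        return False, "secure boot not enabled"
    if policy["forbid_debug"] and claims.get("debug"):
        return False, "debug mode enabled"
    return True, "all checks passed"

def release_key(evidence: dict, policy: dict, key: bytes) -> bytes | None:
    """Hand the key to the workload only when policy passes; otherwise return nothing."""
    ok, _ = evaluate_release(evidence, policy)
    return key if ok else None
```

A workload whose evidence fails any single check receives no key, which is what keeps the infrastructure operator outside the trust boundary.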

Features

Infrastructure-agnostic design for vendor neutrality

Zero-Trust Infrastructure Model enforcing no implicit trust in infrastructure, operators, or cloud providers

Compliance and Sovereignty Enablement designed to support GDPR, BSI C5, ISO 27001, and sovereign cloud requirements

Hardware-graded Confidential Virtualization supporting AMD SEV, Intel TDX, NVIDIA CC technologies

Unified software-defined compute, storage and networking with encryption at rest, in transit and in use

Consistent security guarantees across on-prem, edge, private, and public cloud

Customer-controlled key management enabling BYOK, HYOK, external KMS/HSM integration

Measured boot and secure boot validation with continuous verification of runtime integrity

Confidential AI for secure inference and training on encrypted data

Getting Started

Documentation

Tutorials

Learn more

Confidential Multi Cloud Platform

Hardware graded key, identity and workload management

Key, identity and access management

Workload identity and access management

Confidential Virtualization

Confidential Kubernetes
