# Buckypaper

{% hint style="info" %}
This documentation is a work in progress and subject to updates and revisions. Keep an eye out for version changes and new additions to ensure you have the latest information.
{% endhint %}

## Introduction

Existing virtualization and hyper-converged infrastructure (HCI) platforms were designed around a **trusted infrastructure assumption**, where hypervisors, storage layers, and administrators inherently have access to workloads, data and AI models. This model creates fundamental security gaps: privileged insiders, compromised management planes, and infrastructure operators can access memory, disks, network, snapshots, and VM state, making it unsuitable for highly sensitive data and regulated workloads.

As organizations move to **hybrid, multi-cloud, and outsourced IaaS environments**, traditional virtualization and HCI platforms fail to provide strong isolation, workload ownership, and verifiable runtime integrity. They lack native support for **confidential computing**, enforce trust in the platform operator, and therefore cannot guarantee data confidentiality, code protection, or AI model secrecy when infrastructure is shared or externally managed—directly conflicting with zero-trust and cloud sovereignty requirements.

## Buckypaper

Buckypaper is an advanced **confidential virtualization** and **hyper-converged infrastructure** platform that delivers a unified, secure, and flexible computing environment. Designed for **on-premises, private, and public cloud deployments**, Buckypaper empowers organizations to virtualize their workloads seamlessly while maintaining **full control over data, code, and AI models**.

Leveraging cutting-edge **confidential computing and AI technologies**, Buckypaper provides a foundation for **high-security, privacy-focused, and zero-trust environments**, ensuring that sensitive workloads are protected even in multi-tenant or hybrid cloud scenarios. With Buckypaper, enterprises can achieve **cloud sovereignty** and meet the most stringent regulatory requirements without compromising on scalability, performance, or operational simplicity.

Buckypaper allows **third-party operators to provision, operate, and scale the infrastructure layer (IaaS)**—including hosts, hypervisors, and networking—without gaining access to plaintext data, code, model parameters, or runtime secrets. **Remote attestation, secure boot, and key release policies** ensure that cryptographic material is only made available to verified workloads, effectively preventing **data leakage, malicious administrators, and cross-tenant attacks** while preserving operational flexibility.

## Features

<table data-view="cards"><thead><tr><th></th></tr></thead><tbody><tr><td>Infrastructure-agnostic design for <strong>vendor neutrality</strong></td></tr><tr><td>Zero-Trust Infrastructure Model enforcing <strong>no implicit trust</strong> in infrastructure, operators, or cloud providers</td></tr><tr><td>Compliance and Sovereignty Enablement designed to support <strong>GDPR, BSI C5, ISO 27001</strong>, and sovereign cloud requirements</td></tr><tr><td>Hardware-graded <strong>Confidential Virtualization</strong> supporting AMD SEV, Intel TDX, NVIDIA CC technologies</td></tr><tr><td>Unified <strong>Software-defined compute, storage and networking</strong> with encryption at rest, in transit and in use</td></tr><tr><td>Consistent security guarantees across <strong>on-prem, edge, private, and public cloud</strong></td></tr><tr><td>Customer-controlled key management enabling <strong>BYOK, HYOK, external KMS/HSM</strong> integration</td></tr><tr><td>Measured boot and secure boot validation with <strong>continuous verification</strong> of runtime integrity</td></tr><tr><td>Confidential AI for <strong>secure inference and training</strong> on encrypted data</td></tr></tbody></table>

## Getting Started

{% content-ref url="/pages/BnJnGdDK7URsbZ0UsbWH" %}
[Documentation](/buckypaper/documentation.md)
{% endcontent-ref %}

{% content-ref url="/pages/XfQpQhlkb7LU2AiGwleg" %}
[Tutorials](/buckypaper/tutorials.md)
{% endcontent-ref %}

## Learn more

<table data-view="cards"><thead><tr><th data-type="content-ref"></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="/spaces/mzjpiPnGVwTaHdGYte2r">/spaces/mzjpiPnGVwTaHdGYte2r</a></td><td>Confidential Multi Cloud Platform</td><td></td></tr><tr><td><a href="/spaces/GWxadkt9sLLUyKVhuNB7">/spaces/GWxadkt9sLLUyKVhuNB7</a></td><td>Hardware graded key, identity and workload management</td><td></td></tr><tr><td><a href="/spaces/ZAOyClhisJhRvjIxLjXP">/spaces/ZAOyClhisJhRvjIxLjXP</a></td><td>Key, identity and access management</td><td></td></tr><tr><td><a href="/spaces/B6wCdvkxdUdtHHcfqQVl">/spaces/B6wCdvkxdUdtHHcfqQVl</a></td><td>Workload identity and access management</td><td></td></tr><tr><td><a href="/spaces/JCiJp92CK5rDzO9DECIa">/spaces/JCiJp92CK5rDzO9DECIa</a></td><td>Confidential Virtualization</td><td></td></tr><tr><td><a href="/spaces/2TGGyMVhS5NRcNQJhHpN">/spaces/2TGGyMVhS5NRcNQJhHpN</a></td><td>Confidential Kubernetes</td><td></td></tr></tbody></table>

