Technology Overview

Intel SGX provides a secure execution environment called an enclave to protect sensitive code and data. It allows applications to isolate portions of their code and data in enclaves, ensuring confidentiality and integrity. SGX enables secure computations even on compromised systems, preventing access to the enclave's contents.

Intel TDX safeguards confidential guest virtual machines (VMs) from both host and physical attacks by isolating the register state of the guest and encrypting its memory. TDX employs a specialized module operating in a dedicated mode that acts as an intermediary between the host and guest, ensuring effective separation between them.

AMD SEV is designed to protect virtual machines (VMs) in cloud environments. SEV encrypts the VM's memory, isolating it from the hypervisor and other VMs. This technology provides a secure execution environment for VMs, protecting them from unauthorized access and tampering.

ARM CCA is a hardware-based security technology that enables confidential computing on ARM-based processors. CCA provides mechanisms for isolating and protecting sensitive code and data within secure enclaves. It allows applications to execute securely and protects against unauthorized access or tampering.

RISC-V AP-TEE is a trusted execution environment designed for the RISC-V (pronounced "risk-five", ) architecture, an open standard instruction set architecture (ISA) based on established reduced instruction set computer (RISC) principles. AP-TEE provides a secure execution environment for applications, protecting sensitive code and data from unauthorized access. Unlike most other ISA designs, RISC-V AP-TEE is provided under royalty-free open-source licenses.