enclaivelet

Last updated 8 months ago


Attestation protocols are undergoing a standardization attempt by the Confidential Computing Consortium. Until a standard is published, every CPU vendor and cloud service provider implements its own attestation protocol. Variants include internal, external, raw, vTPM-based or confidential-boot-enabled attestation, to name a few.

To handle present and future variants, the enclaivelet implements an attestation shim that requests a workload certificate irrespective of the underlying hardware and of cloud service provider nuances. That is, whatever the underlying platform and attestation technology, the enclaivelet implements the matching protocol variant and issues a certificate in JSON format. See the attestation examples.

Architecture

The enclaivelet has been designed with modularity as its premise. At its core are the concepts of attestation providers and service providers, which allow the enclaivelet's functionality to be customized.

The enclaivelet comprises three core layers:

  • platform libs: they implement the API used to communicate with the platform's security processor.

  • attestation providers: as mentioned above, each data center/CSP implements its own version of attestation, which means different formats, protocols and technologies. The enclaivelet addresses this inhomogeneity with attestation providers, which implement the specifics of the compute provider's attestation method.

  • service providers: they implement the "secret provisioning" methods and source the services that are to be provided with vault secrets.
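The following is an added sketch of the three-layer design described above, written for this page and not taken from the Nitride or enclaivelet code base. Two mock platform libs (a binary SEV-SNP-style report and a JSON vTPM-style quote, both constructed) feed two attestation providers that normalize the evidence; a shim then issues the same JSON workload certificate for either platform, and a service provider releases a vault secret only after checking the certificate's nonce and measurement. All class names, the report layouts and the certificate fields are assumptions made for the illustration.

```python
"""Constructed three-layer sketch: platform libs -> attestation providers ->
shim -> service provider. Not the enclaivelet implementation; every layout,
name and certificate field below is an assumption for illustration."""
import hashlib
import json
from abc import ABC, abstractmethod


def session_nonce(label: str) -> bytes:
    """32-byte freshness value the relying party chooses per session (constructed)."""
    return hashlib.sha256(label.encode()).digest()


# --- platform libs: the only layer that talks to the security processor ------
class MockSevLib:
    """Stand-in for an SEV-SNP report request (constructed binary layout)."""

    def report(self, nonce: bytes) -> bytes:
        measurement = hashlib.sha256(b"constructed-sev-image").digest()
        # constructed layout: 32-byte launch measurement || 32-byte report data
        return measurement + nonce


class MockVtpmLib:
    """Stand-in for a vTPM quote (constructed JSON layout with PCR values)."""

    def quote(self, nonce: bytes) -> bytes:
        pcrs = {"0": hashlib.sha256(b"constructed-firmware").hexdigest(),
                "7": hashlib.sha256(b"constructed-secure-boot").hexdigest()}
        return json.dumps({"pcrs": pcrs, "nonce": nonce.hex()}).encode()


# --- attestation providers: hide CSP/vendor specific evidence formats ---------
class AttestationProvider(ABC):
    tee = "unknown"

    @abstractmethod
    def evidence(self, nonce: bytes) -> dict:
        """Return {'measurement': hex, 'nonce': hex, 'raw': ...} for any platform."""


class SevProvider(AttestationProvider):
    tee = "amd-sev-snp"

    def __init__(self, lib=None):
        self.lib = lib or MockSevLib()

    def evidence(self, nonce: bytes) -> dict:
        raw = self.lib.report(nonce)
        return {"measurement": raw[:32].hex(), "nonce": raw[32:64].hex(), "raw": raw.hex()}


class VtpmProvider(AttestationProvider):
    tee = "vtpm"

    def __init__(self, lib=None):
        self.lib = lib or MockVtpmLib()

    def evidence(self, nonce: bytes) -> dict:
        quote = json.loads(self.lib.quote(nonce))
        # constructed normalization: fold the PCR bank into one measurement digest
        bank = "".join(quote["pcrs"][k] for k in sorted(quote["pcrs"]))
        folded = hashlib.sha256(bank.encode()).hexdigest()
        return {"measurement": folded, "nonce": quote["nonce"], "raw": quote}


# --- the shim: one certificate format on top of any provider -----------------
class Shim:
    def __init__(self, provider: AttestationProvider):
        self.provider = provider

    def request_certificate(self, nonce: bytes, workload: str) -> str:
        if len(nonce) != 32:
            raise ValueError("nonce must be 32 bytes (fills the report-data field)")
        ev = self.provider.evidence(nonce)
        if bytes.fromhex(ev["nonce"]) != nonce:
            raise ValueError("evidence does not carry our nonce: stale or replayed")
        cert = {"version": 1, "workload": workload, "tee": self.provider.tee,
                "measurement": ev["measurement"], "nonce": ev["nonce"],
                "raw_evidence": ev["raw"]}
        return json.dumps(cert, sort_keys=True)


def load_certificate(cert_json: str) -> dict:
    return json.loads(cert_json)


# --- service providers: secret provisioning gated on the certificate ---------
class VaultServiceProvider:
    def __init__(self, allowed_measurements, secrets):
        self.allowed = set(allowed_measurements)
        self.secrets = dict(secrets)

    def provision(self, cert_json: str, expected_nonce: bytes) -> str:
        cert = load_certificate(cert_json)
        if cert.get("version") != 1:
            raise ValueError("unsupported certificate version")
        if cert.get("nonce") != expected_nonce.hex():
            raise ValueError("certificate nonce does not match this session")
        if cert.get("measurement") not in self.allowed:
            raise PermissionError("measurement not on the allow-list")
        return self.secrets[cert["workload"]]


SEV_MEASUREMENT = hashlib.sha256(b"constructed-sev-image").hexdigest()


def demo() -> str:
    nonce = session_nonce("constructed-session-1")
    cert = Shim(SevProvider()).request_certificate(nonce, "mariadb")
    vault = VaultServiceProvider({SEV_MEASUREMENT}, {"mariadb": "constructed-db-password"})
    return vault.provision(cert, nonce)


if __name__ == "__main__":
    print(demo())
```

Swapping `SevProvider` for `VtpmProvider` changes only the raw evidence inside the certificate; the service provider's checks (version, nonce binding, measurement allow-list) are written once against the common JSON shape, which is the point of putting the platform differences behind the provider layer.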
