
CONCEPT Cited by 1 source

Confidential computing

Definition

Confidential computing is the posture of protecting data in use — i.e. plaintext that is being actively computed on — via hardware-enforced isolation primitives (TEEs). It is the third leg of the data-protection triad alongside:

  • Data at rest: disk / volume / object-store encryption.
  • Data in transit: TLS / network encryption.
  • Data in use: confidential computing (this page).

Without the third leg, a privileged attacker on the host (OS root, hypervisor compromise, malicious datacentre operator) can read plaintext simply by snapshotting process memory or attaching a debugger. Confidential computing removes the host OS, the hypervisor and the operator from the trusted computing base (TCB): plaintext exists only inside a hardware-enforced boundary the host cannot observe. What remains in the TCB is the CPU/GPU silicon, its firmware, the vendor's attestation root, and the code running inside the boundary; "removes the host" never means "trusts nothing".

Primitives in the confidential-computing stack

  1. TEE — the hardware-isolated execution environment (enclave / CVM / confidential GPU).
  2. Remote attestation — the cryptographic proof that a specific, known-good binary is running inside a genuine TEE instance.
  3. Binary transparency log — a published third-party ledger of acceptable binary digests, so attestation verdicts are publicly anchored, not "the operator says X is fine".
  4. Attested-TLS / RA-TLS — binds the TLS handshake to the attestation by placing a digest of the server's handshake key (and the client's fresh nonce) in the attestation report, so the client completes the handshake and sends plaintext only after the TEE identity, the binary measurement and the key binding are all verified.
  5. Encrypted DRAM + memory-integrity protection — CPU-level mechanisms that prevent host-side snooping + silent tamper. Coverage varies by TEE generation (some platforms encrypt but do not fully integrity-protect guest memory), so the threat model must state which guarantee the chosen hardware actually provides.
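The verification policy that primitives 2, 3 and 4 describe, written out as an added example (this is not the page's own code, nor any vendor's SDK). It assumes a constructed transparency log, constructed binaries, and a symmetric HMAC key as a stand-in for the hardware attestation key; a real quote carries an asymmetric signature chained to the silicon vendor's root, and the nonce/key binding is carried in the report's `report_data` field. The client releases a session key only when every check passes, and the scenarios show which attack each check stops.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-in for the hardware attestation key. A real TEE signs
# reports with an asymmetric key rooted in the silicon vendor; HMAC is used
# here only so the example runs offline with the standard library.
VENDOR_ATTESTATION_KEY = b"constructed-vendor-attestation-key"

# Constructed inference binaries: the audited build and a tampered build.
KNOWN_GOOD_BINARY = b"inference-server v1.0 (constructed)"
TAMPERED_BINARY = b"inference-server v1.0 + exfil hook (constructed)"


def measure(binary: bytes) -> str:
    """Launch measurement: the digest the TEE records over the loaded image."""
    return hashlib.sha256(binary).hexdigest()


# Constructed binary transparency log: the published ledger of audited
# digests. Only entries here are acceptable, whatever the operator claims.
TRANSPARENCY_LOG = frozenset({measure(KNOWN_GOOD_BINARY)})


def tee_issue_quote(binary: bytes, tls_pubkey: bytes, nonce: bytes,
                    key: bytes = VENDOR_ATTESTATION_KEY) -> dict:
    """What the hardware does: sign a report over the measurement and over
    report_data, which the in-TEE server sets to H(tls_pubkey || nonce) so the
    quote is bound to this TLS identity and to the client's fresh challenge."""
    report = {
        "tee_type": "CVM",
        "measurement": measure(binary),
        "report_data": hashlib.sha256(tls_pubkey + nonce).hexdigest(),
    }
    body = json.dumps(report, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"report": report, "sig": sig}


def verify_quote(quote: dict, tls_pubkey: bytes, nonce: bytes,
                 log: frozenset) -> tuple:
    """Client-side RA-TLS policy. Each check must pass before any key is released."""
    body = json.dumps(quote["report"], sort_keys=True).encode()
    expected_sig = hmac.new(VENDOR_ATTESTATION_KEY, body, hashlib.sha256).hexdigest()
    # 1. Genuine TEE: the report was signed by the hardware root, not emulated.
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False, "signature invalid: not a genuine TEE"
    # 2. Binding and freshness: the quote vouches for THIS TLS key and THIS nonce.
    if quote["report"]["report_data"] != hashlib.sha256(tls_pubkey + nonce).hexdigest():
        return False, "report_data mismatch: TLS key or nonce not bound"
    # 3. Known-good code: the measurement is publicly anchored in the ledger.
    if quote["report"]["measurement"] not in log:
        return False, "measurement not in transparency log"
    return True, "ok"


def client_connect(quote: dict, tls_pubkey: bytes, nonce: bytes,
                   log: frozenset) -> tuple:
    """Session-key gating: derive a key only for a verified quote."""
    ok, reason = verify_quote(quote, tls_pubkey, nonce, log)
    if not ok:
        return None, reason
    # Stand-in for the key exchange; real RA-TLS derives this in the handshake.
    session_key: Optional[bytes] = hashlib.sha256(b"kex-stand-in" + tls_pubkey + nonce).digest()
    return session_key, reason


def run_scenarios() -> dict:
    """Exercise the policy against the attacks each check is meant to stop."""
    server_pub = b"constructed-server-tls-pubkey"
    nonce = secrets.token_bytes(16)
    out = {}
    # Honest TEE running the audited binary.
    q = tee_issue_quote(KNOWN_GOOD_BINARY, server_pub, nonce)
    out["honest"] = client_connect(q, server_pub, nonce, TRANSPARENCY_LOG)[1]
    # Genuine TEE, but the operator loaded a tampered build.
    q = tee_issue_quote(TAMPERED_BINARY, server_pub, nonce)
    out["tampered_binary"] = client_connect(q, server_pub, nonce, TRANSPARENCY_LOG)[1]
    # Host MITM: relays a valid quote but presents its own TLS key to the client.
    q = tee_issue_quote(KNOWN_GOOD_BINARY, server_pub, nonce)
    out["mitm_key_swap"] = client_connect(q, b"attacker-tls-pubkey", nonce, TRANSPARENCY_LOG)[1]
    # Replay: a quote captured from an earlier session with a different nonce.
    q = tee_issue_quote(KNOWN_GOOD_BINARY, server_pub, b"old-session-nonce")
    out["replay"] = client_connect(q, server_pub, nonce, TRANSPARENCY_LOG)[1]
    # Software emulation: a quote forged without the vendor attestation key.
    q = tee_issue_quote(KNOWN_GOOD_BINARY, server_pub, nonce, key=b"attacker-key")
    out["forged"] = client_connect(q, server_pub, nonce, TRANSPARENCY_LOG)[1]
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:16s} -> {verdict}")
```

The order of the checks matters in practice: the signature is verified first so that an attacker who cannot produce a genuine quote learns nothing from the later checks, and the transparency-log lookup is last because it is the only step whose policy (which digests are acceptable) changes over time and may involve a network fetch.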

Canonical wiki instance: WhatsApp Private Processing

WhatsApp Private Processing is the wiki's first canonical confidential-computing deployment for private AI inference. Meta composes a CVM + Confidential-Compute-mode GPU TEE with a third-party binary ledger, RA-TLS, and client-held ephemeral keys so that LLM inference (message summarisation, writing suggestions) over end-to-end-encrypted messages can happen without Meta, WhatsApp, or any intermediary ever seeing the plaintext.

What confidential computing is NOT

  • Not a synonym for TEE. A TEE is the hardware primitive; confidential computing is the architectural posture that uses a TEE plus attestation plus transparency plus session-key gating plus minimised inputs — the TEE alone does not guarantee the property.
  • Not a replacement for defence-in-depth. TEEs have side-channel and physical-attack residual risks that must be addressed by other layers.
  • Not automatic for applications inside. An exploitable bug in the in-TEE application still leaks the data. Hardened binaries, containerisation, log-filtering, input sanitisation, and a minimised entry surface all still apply.
  • Not equivalent to E2EE. E2EE is a property of two endpoints; confidential computing extends the endpoint boundary to include a server-side compute step whose trust is rooted in hardware + attestation.
