| Term | Definition |
| --- | --- |
| AMD SEV | AMD’s Secure Encrypted Virtualization (SEV), found in recent AMD processor generations such as Milan, isolates virtual machines (VMs) from the hypervisor. |
| Arm CCA | The Arm Confidential Compute Architecture (CCA) takes an approach similar to AMD SEV, isolating VMs from privileged software entities such as the hypervisor. |
| CCE | A confidential computing environment (CCE) is shielded from the rest of the system and from privileged individuals. Unlike specialized security hardware (e.g., HSMs or smart cards), a CCE can typically run almost any software. CCEs have three defining properties: runtime encryption, isolation, and remote attestation. |
| CVM | A confidential virtual machine (CVM) applies the defining properties of a CCE to an entire virtual machine, allowing it to run any workload without modification, in contrast to secure enclaves. |
| Enclave | An enclave is a finer-grained form of a CCE, with Intel’s Software Guard Extensions (SGX) being |
| Intel SGX | Intel’s Software Guard Extensions (SGX) serve as a well-known implementation of secure |
| Intel TDX | Intel’s Trust Domain Extensions (TDX), available with next-generation Xeon processors, enable |
| NVIDIA Hopper H100 | NVIDIA Hopper H100 Graphics Processing Units (GPUs) possess confidential computing features. Although the GPU has been on the market since late 2022, software support for confidential computing was added with the NVIDIA CUDA toolkit 12.2 update in July 2023. |
| SEAM | Secure-Arbitration Mode (SEAM) is a new CPU mode introduced with Intel TDX. |
| Realms | Realms are the secure execution environments of Arm CCA. |
| Remote attestation | Remote attestation involves the processor issuing, on demand, a cryptographic certificate that proves the integrity and authenticity of a CCE and of the data it produced. |
| TEEs | Trusted Execution Environments (TEEs) are secure environments for data processing created by the processor; they form the fundamental concept of confidential computing. |