Skip to main content

Confidential Computing Environment – CCE

A confidential computing environment, or CCE, is the environment a confidential-computing workload runs in. The CCE is created and protected by the compute hardware (i.e., the CPU or the GPU). In the case of Intel SGX, the CCE is also called enclave (or "secure enclave"). In the case of AMD SEV, Arm CCA, and Intel TDX, the CCE is called confidential VM (CVM).

A CCE has the following defining features and properties:

In contrast, TEEs like Arm TrustZone typically only provide forms of isolation and remote attestation.