Combining Confidential Computing with Hardware Acceleration to enhance end-to-end value/benefit
SUSE’s latest Technical Reference Document, “Confidential Computing with SUSE Linux Enterprise Base Container Images Using the IBM Hyper Protect Platform,” guides organizations as they enhance data security with hardware-based cryptographic capabilities. While confidential computing protects data in use, the guide’s additions detail how to leverage powerful hardware to further secure and accelerate sensitive workloads. It provides essential, step-by-step instructions for integrating IBM Crypto Express Adapters and Enterprise PKCS #11 (EP11) domains into containerized environments, ensuring data security remains both robust and performant.
What do the Technical Reference Document additions provide?
The document focuses on preparing and integrating the hardware security module of IBM Crypto Express adapters. For instance, Section 4.2.6 outlines crucial steps to “Prepare IBM Crypto Express adapters and domains to be passed into a containerized workload.” This process ensures that these dedicated cryptographic hardware resources are configured and ready for use by secure containers, creating a direct and secure channel for handling cryptographic operations.
Additionally, the documentation clarifies how to provision these hardware resources for use. Section 5.3.1 details the process of “Adding IBM Crypto Express adapters and domains to the contract,” a critical step in defining the secure workload’s configuration.
Finally, Section 6.2.1 covers the deployment phase, explaining how to “Add IBM Crypto Express adapters and domains to the deployment” to ensure the domains are available to the running containers.
These sections collectively illustrate a seamless and secure workflow from hardware preparation to final application deployment, taking advantage of the Hyper Protect Container Runtime image. They highlight how organizations can fully harness confidential computing and hardware-based cryptography together as the foundation for any SUSE Linux Enterprise Base Container image (SLE BCI) based workload deployed within such a Trusted Execution Environment.
A Video on Crypto Passthrough Setup may help!
For a visual and practical explanation of this process, a video explains the crypto passthrough setup with a demonstration application built on a SUSE Linux Enterprise Base Container image.
For complete details, please see IBM Hyper Protect Platform.
See also the new blog post by Nicolas Mading: Updated Technical Reference Documentation about Confidential Computing with SUSE Linux Enterprise Base Container Images