SUSE Joins the Confidential Computing Consortium

SUSE steps up its focus around data protection and trust with a strong commitment to preserving data integrity from core to cloud to edge.  SUSE is happy to announce we have joined Linux Foundation’s Confidential Computing Consortium, a community focused on projects that deal with securing data in use and accelerating the adoption of confidential computing through open collaboration.

Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state.  Confidential Computing safeguards data in use without impacting business-critical workloads.  Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.

Why confidential computing?

Security is a top concern for enterprises today with threats of cyberattacks and data breaches increasing.

“82 percent of enterprises would be very concerned if their cloud provider had the ability to access their data.”[1]

Cloud adoption is challenged due to the lack of trust with public cloud vendors, providing motivation for Confidential Computing solutions.  Protecting data-in-use, held within CPU registries and memory, is the focus of the “Confidential Computing” movement.  Confidential Computing encrypts data during processing. In recent years CPU vendors have started to integrate features which allow to setup isolated and trusted execution environments that are inaccessible to the rest of the system.

SUSE’s commitment to security and confidential computing

A “data in use” solution is needed across the entire OS-based software infrastructure stack for workloads migrating into and/or running within cloud environments.  In direct correlation to confidential computing, what SUSE delivers today provides the building blocks for our future investments in this very important endeavor.  This includes:

• A complete software stack that is cryptographically signed including BIOS, Bootloader, OS, and Hypervisor
• Remote measurement and attestation to verify the integrity of a remote system running SUSE Linux Enterprise
• SUSE Linux Enterprise support for Confidential Virtual Machines on Google Cloud Platform and Microsoft Azure (coming soon) using AMD-SEV chipsets (includes Linux kernel, LibVirt, and KubeVirt)
• SUSE Linux Enterprise supports Confidential Computing on IBM zSystems and LinuxONE
• Working with Intel and Arm in delivering Confidential Computing solutions

More resources

• Read our blog post ”SUSE Secure VM Service Module for Confidential Computing”
• Read our blog post ”SAP Security: 5 Critical Considerations to Protect Your Infrastructure”
• Read our blog post “Another Orchestrated Attack: How Do I Protect Myself?”
• Check out our Adaptable Linux Platform project, which helps raise the bar on confidential computing and remote attestation.

Jeff Reser, SUSE

[1] Futurum Research “Confidential Computing: The Future of Data Security and Digital Trust”