security of confidential container should be clarified #2

Open
PenglinYang opened this issue Aug 29, 2022 · 1 comment

Comments

@PenglinYang
Collaborator

No description provided.

@PenglinYang
Collaborator Author

The CCC common-terminology defined the confidential container as below. This means the container process is protected by CC, and other components like runc and container-shim don't have to be protected by CC. And if a SEV-SNP CPU runs a container in a VM, then in that VM there cannot be other untrusted components like another container, unless these two containers trust each other.

confidential container: the entrypoint process of an Open Container Initiative (OCI)-compliant container image launched by an OCI container runtime such that the process is executed inside a hardware-based TEE, and it is protected from other confidential containers and any hosting environment in the TEE.
