# Confidential Computing: Foundations for Secure, Trustworthy, and Sustainable Digital Systems

> [!note]-
> This summary is based on several sessions within this topic. It summarizes the most important content and places it in an eco-social context. The texts are based on audio/video transcription and text transformation, generated from the content and links of these sessions.

## What is this track about?

This track at FOSDEM 2025 explores the rapidly evolving field of Confidential Computing—a set of technologies and methods designed to protect sensitive data while it is being processed, not just while stored or transmitted. Sessions cover the historical development and future prospects of confidential computing, trusted execution environments (TEEs), secure virtual machines, open-source frameworks for secure data analytics, and the integration of these technologies into cloud and web services. Practical demonstrations show how these tools can be applied for secure storage, privacy-preserving research, and protection of data in cloud-native and embedded environments.

The track also highlights regulatory drivers (such as the EU's DORA), the importance of open standards, and the need for collaboration across hardware, software, and policy domains. The ultimate aim is to make digital infrastructures more trustworthy, resilient, and accessible, supporting not only technical progress but also social and environmental responsibility.

## Sessions

**Confidential Computing’s Recent Past, Emerging Present, and Long-Lasting Future**
A broad overview of the evolution of confidential computing, its current role in cybersecurity, and its future for sustainable digital trust.
[Confidential Computings Recent Past Emerging Prese](Confidential%20Computings%20Recent%20Past%20Emerging%20Prese.md)

**Confidential Computing devroom welcome**
Introduction to the devroom and key concepts in confidential computing, highlighting community growth and foundational technologies.
[Confidential Computing Devroom Welcome](Confidential%20Computing%20devroom%20welcome.md)

**ManaTEE: an Open-Source Private Data Analytics Framework with Confidential Computing**
Presentation of ManaTEE, an open-source framework for privacy-preserving data analytics in public research and civic engagement.
[ManaTEE an Open Source Private Data Analytics Fram](ManaTEE%20an%20OpenSource%20Private%20Data%20Analytics%20Frame.md)

**Confidential Virtual Machines Demystified: A Technical Deep Dive into Linux Guest OS Enlightenment**
A technical exploration of confidential virtual machines (CVMs) and their role in securing cloud workloads.
[Confidential Virtual Machines Demystified A Techni](Confidential%20Virtual%20Machines%20Demystified%20A%20Techni.md)

**Supporting Confidential Computing on Arm with Open Source Software**
An end-to-end scenario for confidential computing on ARM platforms using open-source stacks and key attestation tools.
[Supporting Confidential Computing on Arm with Open](Supporting%20Confidential%20Computing%20on%20Arm%20with%20Open.md)

**Updates on Coconut SVSM: Secure Services and Stateful Devices for Confidential Virtual Machines**
Latest advances in the Coconut SVSM project for secure services and persistent devices in confidential VMs.
[Updates on Coconut SVSM Secure Services and Statef](Updates%20on%20Coconut%20SVSM%20Secure%20Services%20and%20Statef.md)

**Trust No One: Secure Storage with Confidential Containers**
How confidential containers and Kubernetes enable secure, encrypted storage for sensitive cloud data.
[Trust No One Secure Storage with Confidential Co](Trust%20No%20One%20Secure%20Storage%20with%20Confidential%20Cont.md)

**RA-WEBs: Remote Attestation for WEB services**
Introducing RA-WEBs, a protocol for remote attestation in web services, enhancing data privacy and user trust.
[RA WEBs Remote Attestation for WEB services](RAWEBs%20Remote%20Attestation%20for%20WEB%20services.md)

**Running Mushroom on Intel TDX**
Session content unavailable due to extraction error, but likely focused on running confidential workloads on Intel TDX.
[Running Mushroom on Intel TDX](Running%20Mushroom%20on%20Intel%20TDX.md)

**Spock: a software-based RISC-V TEE**
A lightweight, software-based trusted execution environment (TEE) for RISC-V embedded devices, enabling security on low-resource hardware.
[Spock a software based RISC V TEE](Spock%20a%20softwarebased%20RISCV%20TEE.md)

**Confidential Computing devroom lightning talks**
Short talks on remote attestation, secure execution, and open-source solutions for confidential computing, with a focus on challenges and opportunities.
[Confidential Computing devroom lightning talks](Confidential%20Computing%20devroom%20lightning%20talks.md)

## Significance for an eco-social transformation

Confidential Computing is a cornerstone for building trustworthy, sustainable, and just digital infrastructures. By ensuring that sensitive data remains protected even during processing, these technologies address growing concerns around privacy, data sovereignty, and digital rights—critical for a fair digital society. Open-source frameworks and hardware-agnostic solutions (e.g., ManaTEE, Spock, Coconut SVSM) democratize access to advanced security, empowering smaller organizations, public institutions, and grassroots initiatives to participate safely in the digital economy.

The track emphasizes the alignment of technical innovation with social and ecological values. Confidential Computing supports responsible data sharing in health, environmental monitoring, and civic research—enabling collaborative problem-solving without compromising privacy. Regulatory frameworks such as DORA and GDPR drive the adoption of these technologies, reinforcing the need for transparency, accountability, and ethical governance.

By fostering open standards and community-driven development, the field encourages inclusivity and resilience, reducing dependency on proprietary black-box systems and supporting digital sovereignty. Furthermore, the ability to secure cloud-native and embedded systems helps safeguard critical infrastructure (from environmental sensors to healthcare systems) against misuse or breaches, supporting long-term ecological and social goals. Integrating these technologies into eco-social design processes can help ensure that digital transformation is not only efficient but also equitable and sustainable.

## Possible applications

1. **Privacy-Preserving Data Analytics for Public Good**: Use ManaTEE to enable secure, privacy-preserving analysis of sensitive data in public health, environmental research, or civic engagement projects. [ManaTEE an Open Source Private Data Analytics Fram](ManaTEE%20an%20OpenSource%20Private%20Data%20Analytics%20Frame.md)
2. **Secure Cloud Deployments for Social Enterprises**: Leverage confidential virtual machines (CVMs) to protect user data and intellectual property in cloud-based platforms for cooperatives, NGOs, or community services. [Confidential Virtual Machines Demystified A Techni](Confidential%20Virtual%20Machines%20Demystified%20A%20Techni.md)
3. **Open-Source Secure Storage for Community Projects**: Implement confidential containers and encrypted storage with Kubernetes for grassroots or municipal projects handling sensitive personal or environmental data. [Trust No One Secure Storage with Confidential Co](Trust%20No%20One%20Secure%20Storage%20with%20Confidential%20Cont.md)
4. **Remote Attestation in Ethical Web Services**: Apply RA-WEBs to build transparent, trustworthy web services (e.g., participatory platforms, digital democracy tools) that assure users of data integrity and privacy. [RA WEBs Remote Attestation for WEB services](RAWEBs%20Remote%20Attestation%20for%20WEB%20services.md)
5. **Low-Resource Secure Devices for Environmental Monitoring**: Use Spock’s software-based TEE to secure IoT devices and sensors in ecological monitoring, smart agriculture, or distributed energy management. [Spock a software based RISC V TEE](Spock%20a%20softwarebased%20RISCV%20TEE.md)
6. **Collaborative Open-Source Hardware Security**: Engage with open-source projects like Coconut SVSM and Project Veraison to co-develop secure, transparent hardware solutions for critical eco-social infrastructure. [Updates on Coconut SVSM Secure Services and Statef](Updates%20on%20Coconut%20SVSM%20Secure%20Services%20and%20Statef.md)
7. **Ethical Policy Advocacy and Standardization**: Use insights from regulatory discussions (DORA, GDPR) and open standards efforts to advocate for fair, accessible, and rights-respecting digital infrastructure. [Confidential Computings Recent Past Emerging Prese](Confidential%20Computings%20Recent%20Past%20Emerging%20Prese.md)

## Challenges & open questions

Key technical challenges include the complexity of integrating confidential computing into existing infrastructures, ensuring compatibility across hardware platforms (Intel, AMD, ARM, RISC-V), and providing persistent, secure state in virtualized environments. There are also ongoing difficulties in making advanced security features accessible and usable for small organizations and non-experts.

Ethically, the field must address transparency, user control, and governance—ensuring that security technologies do not become tools for surveillance or exclusion. Socially, there is a need to build trust in these new paradigms, especially among vulnerable groups, and to ensure equitable access to secure digital tools.

Open questions remain around standardization (especially for remote attestation and key management), interoperability in multi-cloud and hybrid environments, and the long-term sustainability of open-source security projects. The field also needs more research on formal verification of security guarantees, usability in low-resource contexts, and policy frameworks that balance innovation with fundamental rights.