TPM

In a previous post, I explained that the direction most Confidential Computing deployments are converging toward is to reintroduce the TPM abstraction inside the Confidential VM itself. Rather than relying on a physical TPM, the goal is to expose a TPM interface from within the TEE. This design choice is largely pragmatic. It enables a lift-and-shift model for existing operating systems and workloads that already depend on TPMs for measured boot, disk encryption, and remote attestation. At the same time, it preserves the familiar TPM security guarantees while replacing physical trust assumptions with hardware-enforced isolation. ...