Confidential Computing, with Fabian Kammel
Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include: * A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs * An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing * And more recently securing SPIFFE-based machine identities via hardware attestation. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod Links from the interview Confidential Computing Blog from kubernetes.io Confidential Computing Consortium Confidential Computing Whitepaper Intel SGX Enclave Swap Memory with Kubernetes in Beta in 1.28 Hardware Security Modules Trusted Platform Modules (TPM) Envelope Encryption Confidential Computing Concepts - Confidential Virtual Machine AMD Secure Encrypted Virtualization (AMD SEV) AMD Secure Encrypted Virtualization - Secure Nested Paging (AMD SEV SNP) Trusted Computing Base (TCB) Remote Attestation Confidentiality, Integrity, and Availability: The CIA Triad Intel SGX Enclaves Confidential Containers (CoCo) Katacontainers AWS Firecracker