
Source

Red Hat Blog

Confidential computing platform-specific details

Confidential Computing is a set of technologies designed to protect data in use (for example, it provides memory encryption). This article is the fifth in a six-part series (see the previous article) about various Confidential Computing usage models and the requirements to get the expected security and trust benefits. In this article, I explore the many available Confidential Computing platforms and discuss how they differ in implementation, and specifically in how to perform attestation: AMD Secure Encrypted Virtualization (SEV) in its three generations (SEV, SEV-ES and SEV-SNP) Intel

Best practices for patch management

As a Solution Architect, I’m often asked what Red Hat’s best practices are for patch management. In this article, I'm going to cut through the noise, linking to relevant work and materials where appropriate, to offer some focused guidance around what exactly a best practice is and what tools you can leverage as part of your patch management toolkit. After reading this article, you'll have a clearer idea about the tools and approaches you can leverage to deliver patches—and the best practices around defining that process—for your organization. Calling something a "best practice" i

Red Hat compliance certifications and attestations achieved

For nearly two decades, Red Hat has been helping both public and private entities adapt to changing IT security requirements and concerns. Red Hat achieves a wide range of cybersecurity validations and certifications for our products and services in global markets. Among these are some of the most well-known standards for information security management, safeguarding customer data and cloud security. Red Hat Product Security recently achieved attestation and re-certification of SOC 2 Type 2, PCI-DSS, ISO 27001, ISO 27017, and ISO 27018 certifications and attestations for the following:

Introduction to confidential virtual machines

In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing, as well as the security benefits expected from this emerging technology. We will focus on the high-level requirements for the Linux guest operating system to ensure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). For additional details on OpenShift

Confidential containers on Azure with OpenShift: setup guide

Confidential containers (CoCo) is a new feature of Red Hat OpenShift sandboxed containers that leverages Trusted Execution Environment (TEE) technology to isolate your containers from the host and other containers. In this blog post, you will learn how to set up OpenShift sandboxed containers with confidential containers support on an OpenShift cluster hosted on Azure, using AMD SEV-SNP technology. You will also see how to create and run a confidential container that can process confidential data more securely and efficiently. For more information on confidential containers running on Az

Securing D-Bus based connections with mTLS and double proxy

When we started the discussions on the requirements that led to the development of Hirte (introduced by Pierre-Yves Chibon and Daniel Walsh in their blog post), we explored using systemctl with its --host parameter to manage systemd units on remote machines. However, this capability requires a secure shell (SSH) connection between the nodes, and SSH is too large of a tunnel. Instead, Hirte was created using transmission control protocol (TCP) based manager-client communication between the machines. Since Hirte manages systemd units, it uses the D-Bus protocol and the sd-bus application prog

Confidential computing: From root of trust to actual trust

This article is the fourth in a six-part series where we present various use cases for confidential computing—a set of technologies designed to protect data in use, like memory encryption, and what needs to be done to get the technologies’ security and trust benefits. In this article, we will focus on establishing a chain of trust and introduce a very simple pipeline called REMITS that we can use to compare and contrast various forms of attestation using a single referential.
Part 1: Confidential computing primer
Part 2: Attestation in confidential computing
Part 3: Confidential

Improving supply chain resiliency with Red Hat Trusted Software Supply Chain

The software supply chain has quickly become the latest target for malicious actors, with targeted attacks on foundational software components intended to orchestrate data breaches, initiate service outages or worse. Today, we announced the release of Red Hat Trusted Software Supply Chain for businesses to more consistently code, build and monitor a trusted supply chain within their software factory. This allows software development teams and their business leaders to maintain and grow user trust.

Why software supply chains matter

Development teams rely on open source technology to keep

Confidential Containers on Azure with OpenShift: A technical deep dive

Red Hat OpenShift sandboxed containers has taken a significant step forward in workload and data security by adopting the components and principles of the CNCF Confidential Containers (CoCo) open source project and the underlying Trusted Execution Environment (TEE) technology. The first blog in the series introduced the OpenShift sandboxed containers with support for confidential containers solution on Microsoft Azure and targeted use cases.

Learn more about Confidential Containers

In this blog, we're focusing on the specifics of the CoCo components. We'll break down the major elements,

Confidential computing use cases

This article is the third in a six-part series (see our previous blog), where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get the expected security and trust benefits from the technology. In this third article, we consider the four most important use cases for confidential computing: confidential virtual machines, confidential workloads, confidential containers and confidential clusters. This will allow us to better understand the trade-offs between the