How It Works
Understanding Trusted Execution Environments and Confidential Computing
What is Confidential Computing?
Confidential computing protects data in use by performing computations in an isolated Trusted Execution Environment (TEE), or “secure enclave”. This provides a level of security and verifiability that is impossible to achieve with traditional cloud computing approaches. Unlike encryption at rest (for stored data) or encryption in transit (for data being transferred over the network), confidential computing focuses on protecting data while it’s actively being processed. This is achieved by using isolated regions of memory and CPU resources which form a secure “enclave” where even the host (such as the cloud provider) cannot see the internal data. Indeed, these secure enclaves prevent access from all privileged software, including the operating system and hypervisor, while allowing remote verification of the environment’s security through an attestation mechanism. You can see how Tinfoil performs this verification automatically by learning more about our verification architecture. This hardware-backed security model enables sensitive workloads to run in untrusted environments while maintaining complete data privacy and integrity, even if the underlying infrastructure is compromised by an attacker.
How Tinfoil builds on secure enclaves
Tinfoil uses secure enclaves to run AI workloads on compatible NVIDIA GPUs (namely, Hopper and Blackwell). Through hardware-enforced memory encryption and process isolation, these GPUs ensure that all data remains encrypted and inaccessible, even to cloud providers, administrators, or Tinfoil employees. The security of these workloads isn’t just a promise; it’s cryptographically verifiable. Anyone can verify the exact code running in the enclave by checking our open source repositories on GitHub, where automated builds produce signed binaries that are logged in Sigstore’s public transparency log. This combination of hardware-backed confidentiality and public code auditability creates a zero-trust system where you don’t have to take our word for it.
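The check described above, sketched as an added example (not Tinfoil's code or API): a client accepts an enclave only if the release digest is provably in a transparency log and the enclave's attested measurement equals that digest. It uses the RFC 6962/9162 Merkle inclusion proof, the construction used by transparency logs such as Sigstore's. Assumptions: the attestation signature and the log's signed root were already verified, the log leaf is the raw release digest, and every name and sample value is constructed for illustration.

```python
import hashlib
import hmac

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 domain separation: 0x00 prefix for leaves
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix for interior nodes
    return hashlib.sha256(b"\x01" + left + right).digest()

def root_from_proof(index, size, leaf, proof):
    """Recompute the log root from an inclusion proof (RFC 9162, section 2.1.3.2)."""
    if index >= size:
        return None
    fn, sn, r = index, size - 1, leaf
    for p in proof:
        if sn == 0:
            return None  # proof is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return r if sn == 0 else None  # leftover levels mean a truncated proof

def enclave_runs_logged_build(measurement, release_digest, index, size, proof, trusted_root):
    """True only if the release digest is in the log AND the enclave attests to it."""
    root = root_from_proof(index, size, leaf_hash(release_digest), proof)
    in_log = root is not None and hmac.compare_digest(root, trusted_root)
    return in_log and hmac.compare_digest(measurement, release_digest)

# Constructed sample: a three-entry log whose last entry is the release digest.
RELEASE = hashlib.sha256(b"constructed enclave image v1").digest()
_l0, _l1 = leaf_hash(b"other entry 0"), leaf_hash(b"other entry 1")
PROOF = [node_hash(_l0, _l1)]            # sibling subtree covering entries 0 and 1
ROOT = node_hash(PROOF[0], leaf_hash(RELEASE))
TAMPERED = hashlib.sha256(b"constructed enclave image, modified").digest()

if __name__ == "__main__":
    # Attested measurement matches a logged release: accepted
    print(enclave_runs_logged_build(RELEASE, RELEASE, 2, 3, PROOF, ROOT))
    # Enclave reports a different measurement than the logged release: rejected
    print(enclave_runs_logged_build(TAMPERED, RELEASE, 2, 3, PROOF, ROOT))
    # Measurement matches a digest that was never logged: rejected
    print(enclave_runs_logged_build(TAMPERED, TAMPERED, 2, 3, PROOF, ROOT))
```

Both conditions are required: a matching measurement for a build that was never logged is rejected just like a logged build the enclave is not actually running.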
Comparison with Traditional Cloud
Traditional cloud computing and confidential computing represent two fundamentally different approaches to cloud security. Traditional cloud services rely on software-based security measures and require users to trust their cloud providers completely. While these providers implement robust security practices, they ultimately maintain full access to and visibility of customer data and workloads. In contrast, confidential computing, through the use of secure enclaves, entirely removes the need to trust the cloud provider. With Tinfoil, we go one step further and remove the need to trust us as well.
Next Steps
Ready to dive deeper? Check out: