Trusted Execution Environment is a highly confidential, secure, and isolated environment where the application code and the data executes. This secured and isolated area can sit inside the Central Processing Unit (CPU) of the system. This secured area or the environment is also termed Enclave.
When the application code executes in this secured area along with its data, there is no way the data can be accessed even by the debuggers. Only the authorized code can access the data. Hence there is no chance of tampering the data that is being processed by the authorized code. No malware or hackers or malicious insiders can gain access to the data that is being used in the Trusted Execution Environment.
Creating a Virtual Machine with Confidential Computing enabled
Let us create a Virtual Machine with Confidential Computing enabled using the Azure portal. Below are steps for the same.
Step 1 - Select Confidential Compute VM Deployment
Log in to Azure Portal and search for Confidential Compute VM Deployment in the Market Place.
Click Confidential Compute VM Deployment in the search result. Then, click on the "Create" button.
Step 2 - Configure basic settings
Select image as Windows Server 2016 Datacenter. Currently, Windows Server 2016 Datacenter and Ubuntu Server 16.04 LTS are supported.
Provide information to configure settings like Virtual Machine Name , Username, Password, Subscription, Resource Group details, Location. Click the OK button.
Step 3 - Select supported Virtual Machine size
Select a VM size as Standard_DC2s or Standard_DC4s. Select Storage, network and other needed settings and click on OK button.
Step 4 - Review request summary and create Virtual Machine
Click on the "Create" button to spin up a Virtual Machine with Confidential Computing enabled.
Winding up