Confidential Containers

Introduction

The TEE OS supports running client applications (CAs), trusted applications (TAs), and high-level language applications inside containers. Figure 1 shows the overall architecture.

Figure 1 Architecture of confidential containers
  • Docker engine: The core software that runs and manages containers. It is installed automatically when Docker is installed.
  • Container: An operating environment built from a user-defined image; it holds the CAs and TAs.
  • REE patch: A component deployed in the REE (rich execution environment) on the host that enables the TrustZone environment.
  • tlogcat: Deployed on the host or in a container to view the logs printed by the TEE.
  • agentd: Deployed in a container to load the TAs in that container and to provide secure storage for the container.
  • tee_teleport: Deployed on the host or in a container to deploy and run high-level language applications.

For details about how to use this feature, see Confidential Containers.

Restrictions

  • Network access and disk read/write are not supported.
  • CAs and TAs can be deployed in containers.
  • High-level language applications can be deployed in containers.