
Introduction

Confidential computing is a technology that protects data while it is being processed, by running that processing on trusted hardware. Arm chips implement confidential computing with the TrustZone technology.

In traditional TrustZone solutions, the trusted execution environment (TEE) is dedicated to terminal devices: a trusted application (TA) can run in the TEE OS only after it has been authenticated by the terminal device vendor, so the TEE cannot be used for general-purpose computing. The TEE Kit is a next-generation confidential computing technology implemented in virtual machines (VMs). It is compatible with the existing application ecosystem and extends confidential computing from the application layer to the OS layer. This document describes the software architecture and features of the Confidential Computing TEE Kit powered by a new Kunpeng 920 processor model, and explains how to set up the TEE Kit environment and use confidential virtual machines (cVMs).