Environment Configuration
Kata containers, often referred to as "secure containers," operate within lightweight VMs rather than directly on the host kernel. This architecture provides robust, VM-level isolation, effectively mitigating the risk of cross-container privilege escalation.
Confidential containers, built upon the TEE security suite, further harden this architecture by replacing the lightweight VMs with virtCCA cVMs.
Just as with cVMs, deploying OpenClaw on confidential containers requires confidential computing hardware and software support. For instructions on deploying core virtCCA components, see Software Deployment. For guidance on deploying containerd and initializing a Kubernetes cluster for virtCCA, see Deploying containerd and Initializing the Kubernetes Cluster.md.