
Confidential Computing.

Hardware-backed trusted execution environments mapped across the major clouds — Intel SGX, AMD SEV-SNP, Intel TDX, AWS Nitro Enclaves and confidential GPU. Which cloud runs which silicon, in which families, in which regions.

Application enclave

Intel SGX carves a small encrypted region — the enclave — out of one process. Only code inside the enclave sees plaintext; the OS, hypervisor and the rest of the app cannot. Powerful, but the app must be re-architected to split trusted from untrusted code.

Whole-VM TEE

AMD SEV-SNP and Intel TDX encrypt and integrity-protect an entire guest VM against the host hypervisor — no code changes, the whole OS runs confidentially. SEV-SNP came with 3rd-gen EPYC; TDX with 5th-gen Xeon. Distinct designs, comparable threat model.

The asterisks

AWS Nitro Enclaves is not SGX, SEV-SNP or TDX: it is isolation enforced by the Nitro hypervisor, processor-agnostic, with no hardware memory encryption attested by the CPU of the kind SEV-SNP/TDX give. Confidential GPU extends the TEE boundary onto an NVIDIA H100. Read the footnotes.
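The practical consequence of the SEV-SNP/TDX distinction above is that a relying party can check a CPU-signed attestation report before trusting a VM. The following is an added example, not code from this atlas or from AMD: it decodes the guest policy and the report_data binding of a constructed (not real) SEV-SNP attestation report. Field offsets and policy bit positions follow the SEV-SNP ABI specification's ATTESTATION_REPORT and Guest Policy tables as the editor recalls them; the sample bytes, nonce and measurement are constructed, and verification of the report signature against AMD's VCEK certificate chain is deliberately left out of scope here.

```python
import struct

# Size and field offsets of the SEV-SNP ABI ATTESTATION_REPORT structure.
SNP_REPORT_SIZE = 0x4A0          # 1184 bytes
OFF_VERSION = 0x00               # u32
OFF_POLICY = 0x08                # u64 guest policy
OFF_VMPL = 0x30                  # u32 VM privilege level that requested the report
OFF_REPORT_DATA = 0x50           # 64 bytes supplied by the guest (nonce binding)
OFF_MEASUREMENT = 0x90           # 48-byte launch measurement

# Guest policy bit layout (SEV-SNP ABI, "Guest Policy").
POLICY_ABI_MINOR_MASK = 0xFF
POLICY_ABI_MAJOR_SHIFT = 8
POLICY_SMT = 1 << 16             # SMT allowed
POLICY_RESERVED_ONE = 1 << 17    # must be 1
POLICY_MIGRATE_MA = 1 << 18      # migration agent association allowed
POLICY_DEBUG = 1 << 19           # hypervisor debugging of the guest allowed
POLICY_SINGLE_SOCKET = 1 << 20   # guest restricted to one socket


def build_sample_report(policy, nonce, measurement):
    """Constructed sample report: only the fields read by check_report are populated."""
    buf = bytearray(SNP_REPORT_SIZE)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    struct.pack_into("<Q", buf, OFF_POLICY, policy)
    struct.pack_into("<I", buf, OFF_VMPL, 0)
    buf[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = nonce.ljust(64, b"\0")
    buf[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = measurement
    return bytes(buf)


def parse_report(raw):
    """Decode the subset of report fields needed for policy and binding checks."""
    if len(raw) != SNP_REPORT_SIZE:
        raise ValueError("unexpected report length %d" % len(raw))
    version, = struct.unpack_from("<I", raw, OFF_VERSION)
    policy, = struct.unpack_from("<Q", raw, OFF_POLICY)
    vmpl, = struct.unpack_from("<I", raw, OFF_VMPL)
    return {
        "version": version,
        "policy": policy,
        "abi_major": (policy >> POLICY_ABI_MAJOR_SHIFT) & 0xFF,
        "abi_minor": policy & POLICY_ABI_MINOR_MASK,
        "smt_allowed": bool(policy & POLICY_SMT),
        "vmpl": vmpl,
        "report_data": raw[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
        "measurement": raw[OFF_MEASUREMENT:OFF_MEASUREMENT + 48],
    }


def check_report(raw, expected_nonce, expected_measurement):
    """Return a list of findings; an empty list means the report passes these checks.

    Signature verification against the AMD VCEK chain is NOT performed here
    (out of scope for this example); a real verifier must do it first.
    """
    r = parse_report(raw)
    findings = []
    if r["policy"] & POLICY_DEBUG:
        findings.append("DEBUG policy bit set: host may inspect guest memory")
    if r["policy"] & POLICY_MIGRATE_MA:
        findings.append("MIGRATE_MA policy bit set: migration agent may access guest state")
    if not r["policy"] & POLICY_RESERVED_ONE:
        findings.append("reserved policy bit 17 is clear: malformed policy")
    if r["report_data"] != expected_nonce.ljust(64, b"\0"):
        findings.append("report_data does not match our nonce: possible replayed report")
    if r["measurement"] != expected_measurement:
        findings.append("launch measurement differs from the expected image")
    return findings


# Constructed inputs for a stand-alone run.
SAMPLE_NONCE = b"constructed-nonce-0001"
SAMPLE_MEASUREMENT = bytes(range(48))
GOOD_POLICY = POLICY_RESERVED_ONE | (1 << POLICY_ABI_MAJOR_SHIFT)     # ABI 1.0, no debug
BAD_POLICY = GOOD_POLICY | POLICY_DEBUG | POLICY_SMT

if __name__ == "__main__":
    good = build_sample_report(GOOD_POLICY, SAMPLE_NONCE, SAMPLE_MEASUREMENT)
    bad = build_sample_report(BAD_POLICY, b"stale-nonce", SAMPLE_MEASUREMENT)
    print("good report:", check_report(good, SAMPLE_NONCE, SAMPLE_MEASUREMENT))
    print("bad report:", check_report(bad, SAMPLE_NONCE, SAMPLE_MEASUREMENT))
```

The point of the binding checks is the one the page makes about Nitro versus SEV-SNP/TDX: with a CPU-rooted report, the relying party can refuse a guest whose policy permits host debugging, or a report that was not generated for its own fresh nonce, before releasing any secret to the VM.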
