Confidential Computing Sgx APIs

The vcenter confidential_computing sgx package covers VC functionality to work with Intel CPUs Software Guard Extensions (SGX) on the hosts. Software Guard Extensions (SGX) is a feature of recent Intel CPUs that allows users applications to create secure regions of memory-called enclaves-inside their address space. An enclave is opaque to all software running outside of the enclave, including the operating system and the hypervisor. In addition to this isolation functionality, Intel SGX also provides remote attestation capabilities, allowing external entities to verify that a specific SGX enclave is running on a host. An enclave's attestation quote is rooted on an Intel-issued Platform Certification Key (PCK) certificate that binds the current platform's SGX cryptographic identity to Intel, essentially certifying that it is a valid Intel SGX platform.