The Confidential AI open-source project lets developers run sensitive AI workloads securely in the cloud. Without exposing raw data or models, it uses trusted hardware and remote attestation to protect user privacy data, training sets, and generative models throughout their lifecycle, while still allowing normal use of cloud computing resources for complex AI inference and training.
Current Stable Version: v1.0.0
- Release date: 2025-06-01
- Core Update: First release of Confidential AI
| Component | Version | Function Description | Change Summary |
|---|---|---|---|
| Trustiflux | 1.1.0 | Integrates CDH/AA to provide resource security management and remote attestation services for confidential computing containers | Added AA/CDH dracut module support; architecture restructured: RACR protocol migrated to CDH; security enhancements: integrated TPM attestation module |
| Trustee | 1.1.3 | Tools and components for verifying confidential computing TEEs (Trusted Execution Environments) and delivering secret data | Integrated TPM private key CA plugin; added authentication policy query API |
| TNG | 1.0.3 | Trusted gateway based on remote attestation, enabling end-to-end encrypted communication for zero-trust architectures without application modifications | - |
Full Change Log
- For rapid validation of Confidential AI's end-to-end workflow, we provide a one-click Docker-based deployment solution. See Docker Deployment Guide. This solution applies to:
  - Hybrid environment simulation: the process covers user-side (Trustee key management) and cloud-side (Trustiflux trusted inference) collaboration. The full simulation can be completed in a single TDX instance through Docker, which suits development debugging or demonstration verification.
  - Out-of-the-box: containerized packaging of dependency environments and configuration scripts avoids deployment issues caused by environment differences, ensuring process consistency.
  - Core Requirements
    - Confidential computing environment supporting SGX (e.g., Alibaba Cloud TDX ECS).
    - Docker and basic command-line tools installed.
  - Key Advantages
    - Security enhancement: combines SGX remote attestation to ensure keys are decrypted only in verified trusted environments, protecting model privacy.
    - Agile delivery: pre-configured automation scripts handle complex steps such as PCCS configuration and service discovery, reducing onboarding costs.
    - Environment agnosticism: container images can be rapidly migrated across any cloud environment supporting SGX, adapting to multi-cloud and hybrid cloud architectures.
- Production-grade deployment solution based on RPM packages. For details, see RPM Deployment Guide. Applicable to the following scenarios:
  - Production environment deployment: version control and dependency management through standard package managers.
  - Hardware-dedicated environments: deploy directly on TDX-supported physical or virtual machines for optimal performance.
  - Core Requirements
    - TDX-supported confidential computing environment (e.g., Alibaba Cloud TDX ECS).
    - Operating system: Alibaba Cloud Linux 3 (AL3).
  - Key Advantages
    - Standard package management: install, upgrade, and uninstall via RPM packages, compliant with enterprise operations standards.
    - Automated workflows: preconfigured scripts automatically handle complex processes such as key management and service registration.
    - Flexible extensibility: deployment strategies can be adjusted through custom configuration parameters in `config_trustee.yaml` and `config_trustiflux.yaml`.
This project uses the Apache 2.0 license.