How Metalvisor Provides Confidential Compute

Brad Sollar
Chief Technical Officer

April 5, 2023

Confidential computing has become a critical concern in today's connected world, where sensitive data is processed, stored, and transmitted daily. Mainsail's Metalvisor offers a solution to this problem by providing confidential compute using multi-key total memory encryption on Intel CPUs.

Metalvisor is a TypeZero hypervisor, which protects compute workloads at the edge. This makes it ideal for use in edge computing environments, where data privacy is paramount. Metalvisor runs directly on the host hardware, creating a secure environment for virtual machines. Sensitive data is protected from unauthorized access and data breaches.

One of the critical features of the Metalvisor is its use of multi-key total memory encryption. This means that all memory used by the virtual machines is encrypted. This provides a high level of security, as attackers cannot access the encrypted data even if they gain access to the physical device.

The Metalvisor also uses Intel's hardware-based encryption acceleration capabilities, providing better performance and security than software-based encryption. The hardware-based encryption is sealed to the CPU, making it more difficult for attackers to access the encryption keys. This ensures that sensitive data is protected even if the virtual machine is compromised.

Mainsail's Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches. Each VM has its own encryption key, which is used to encrypt its memory and stored data. This provides an additional layer of security compared to traditional encryption methods, where a single key is used to encrypt all data.

"Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches"

If a single VM is compromised, the attacker would only have access to the encrypted data of that VM and not the data of other VMs. This minimizes the damage that a single security breach can cause.

The Metalvisor is designed to be easy to use, with a simple and intuitive user interface. Administrators can quickly create, cryptographically sign, and manage virtual machines. 

Mainsail's Metalvisor provides a secure and reliable solution for confidential computing, using multi-key total memory encryption and hardware-based encryption capabilities on Intel CPUs. With its easy-to-use interface and simplified cryptography, Metalvisor is an ideal solution for organizations that need to process sensitive data in edge computing environments securely.