"Confidential computing" might seem to refer to homomorphic encryption, but has nothing to do with it in its usage here. After searching around a bit, I suspect that Microsoft Azure first used it in 2017 to refer to code running within a trusted enclave.<p>It looks to me that while Asylo is agnostic about the specific TEE used, it is primarily targeted at Intel SGX [1]. Instead of having to trust Google to run your code correctly and not read your data, you'd have to trust Intel to manufacture a secure enclave and essentially bake in a private key that cannot be read. You could use the public key to encrypt your code and workload, and it would run in a part of the processor that Google presumably cannot access (or measure [2]).<p>A good further introduction might be this paper [3] (especially the diagram on page 2), or this answer [4].<p>I'll repeat my main concern with this system: you will reinforce Intel's position as 'feudal lord' in this model [5].<p>[1] <a href="https://github.com/google/asylo/tree/master/asylo/identity/sgx" rel="nofollow">https://github.com/google/asylo/tree/master/asylo/identity/s...</a><p>[2] <a href="https://arxiv.org/abs/1702.08719" rel="nofollow">https://arxiv.org/abs/1702.08719</a><p>[3] <a href="https://eprint.iacr.org/2016/086.pdf" rel="nofollow">https://eprint.iacr.org/2016/086.pdf</a><p>[4] <a href="https://security.stackexchange.com/questions/175749/what-are-the-functional-similarity-and-difference-between-tpm-and-sgx-in-trust-c" rel="nofollow">https://security.stackexchange.com/questions/175749/what-are...</a><p>[5] <a href="https://news.ycombinator.com/item?id=15936121" rel="nofollow">https://news.ycombinator.com/item?id=15936121</a>