https://www.pistack.xyz/tags/container-security/ Recent content in Container-Security on Pi Stack Hugo en-us Sun, 17 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-17-self-hosted-confidential-computing-gramine-occlum-enarx-tee-guide/ Sun, 17 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-17-self-hosted-confidential-computing-gramine-occlum-enarx-tee-guide/ <p>Confidential computing uses hardware-based Trusted Execution Environments (TEEs) to protect data while it is being processed. Unlike encryption at rest and in transit, TEEs shield data in use — preventing even the host operating system, hypervisor, or cloud provider from accessing sensitive workloads. Three open-source platforms lead this space: <strong>Gramine</strong>, <strong>Occlum</strong>, and <strong>Enarx</strong>. Each takes a fundamentally different architectural approach to enabling confidential computing for self-hosted deployments.</p>