Release notes
Use the release notes to learn about the latest features of IBM Confidential Computing Containers for Red Hat OpenShift Container Platform (CCCO).
IBM CCCO provides the following features:
- Enterprise-ready Confidential Computing with Red Hat OpenShift
  IBM Confidential Computing Containers now supports deployment of isolated workloads using IBM Secure Execution for Linux (IBM SEL), which provides hardware-based encryption and a root of trust. This capability enables confidential computing at scale without relying on third-party attestation or key management services. When integrated with Red Hat OpenShift Container Platform, IBM Confidential Computing Containers delivers enhanced workload protection without requiring a separate environment or unique deployment model.
- Multiparty contract and deployment certification
  IBM Confidential Computing Containers introduces the Encrypted Multi-Persona Contract, an encrypted contract model that supports zero trust principles across multiple personas and legal entities. Each contributor can securely provide input without exposing data or intellectual property to others. An auditor persona can validate deployments using an encrypted and signed attestation record. IBM CCCO can access and decrypt sealed secrets without external key management systems, enabling secure workload identity and zero-knowledge proof capabilities.
- Container runtime and Open Container Initiative image integrity validation
  IBM Confidential Computing Containers enhances container security by validating Open Container Initiative (OCI) images before deployment. Using the Red Hat OpenShift sandboxed containers add-on, IBM Confidential Computing Containers ensures that only validated container versions are deployed. Validation is enforced through Open Policy Agent (OPA) rules defined in encrypted Rego files, which are part of the immutable Encrypted Multi-Persona Contract. These rules can include trusted digests or signatures and are enforced independently of third-party components such as the trustee.