IBM Confidential Computing for Red Hat ecosystem

Advancing confidential computing and the IBM Confidential Computing product family as a fully integrated part of the Red Hat ecosystem

Illustration of an encrypted contract

Confidential computing for Red Hat ecosystems

Meet IBM Confidential Computing Container Runtime for Red Hat® Virtualization Solutions and IBM Confidential Computing Containers for Red Hat® OpenShift Container Platform® for Red Hat® OpenShift®. These two powerful products secure sensitive data from development to deployment and throughout its usage in an application. Together, they form a hardware-based confidential computing foundation to protect your workloads across hybrid environments.
Enforced isolation for sensitive assets

Protect sensitive data, AI models and IP with infrastructure-enforced, policy-driven isolation across your hybrid environments.
Built-in AI and crypto acceleration

Run confidential workloads seamlessly with integrated AI and cryptographic acceleration in a unified stack.
Hardware-based trust and key control

Maintain full ownership and control of your encryption keys with unique hardware-based trust anchors.
Encrypted multiparty contract

Enable verifiable workload identity at deployment by using zero-knowledge proofs and encrypted, policy-bound contracts for different personas.

What's new

IBM Hyper Protect Red Hat ecosystem is now IBM Confidential Computing for Red Hat ecosystem

IBM Hyper Protect Confidential Containers for Red Hat OpenShift Container Platform is now IBM Confidential Computing Containers for Red Hat OpenShift Container Platform 

Read Now

IBM Hyper Protect Container Runtime for Red Hat Virtualization Solutions is now IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions 

Read Now

Features

Map of runtime isolation
Shared capability Container runtime isolation

Powered by IBM Secure Execution for Linux® (SEL), IBM Confidential Computing delivers container-level isolation on Linux on Z and LinuxONE. This secures workloads from the infrastructure up during development and deployment stages.
Diagram of multiparty contract enforcement
Shared capability Encrypted multiparty contract enforcement

Leverage encrypted contracts to manage workload identities and enforce zero-trust policies. This feature ensures predefined roles and least-privilege access are upheld, no matter who operates the workload environment.
Diagram of Encrypted contract
Red Hat Virtualization Solutions Embedded data-at-rest protection

With built-in cryptographic support through FIPS 140-2 Level 4 certified HSMs, both IBM Confidential Computing solutions ensure that sensitive data is always encrypted—even in shared or public cloud environments.
Diagram of Encrypted contract
Shared capability Independent attestation at deployment

IBM Confidential Computing offers secure workload verification at deployment time. Only signed, preapproved containers are allowed to run, with tamper-proof attestations and zero reliance on external trust systems.
Map of runtime isolation
Shared capability Container runtime isolation

Powered by IBM Secure Execution for Linux® (SEL), IBM Confidential Computing delivers container-level isolation on Linux on Z and LinuxONE. This secures workloads from the infrastructure up during development and deployment stages.
Diagram of multiparty contract enforcement
Shared capability Encrypted multiparty contract enforcement

Leverage encrypted contracts to manage workload identities and enforce zero-trust policies. This feature ensures predefined roles and least-privilege access are upheld, no matter who operates the workload environment.
Diagram of Encrypted contract
Red Hat Virtualization Solutions Embedded data-at-rest protection

With built-in cryptographic support through FIPS 140-2 Level 4 certified HSMs, both IBM Confidential Computing solutions ensure that sensitive data is always encrypted—even in shared or public cloud environments.
Diagram of Encrypted contract
Shared capability Independent attestation at deployment

IBM Confidential Computing offers secure workload verification at deployment time. Only signed, preapproved containers are allowed to run, with tamper-proof attestations and zero reliance on external trust systems.

Choose your product

Engineer working on computer in server room
IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions
Secures Linux containers on Red Hat Virtualization Solutions with hardware-based protection, shielding data and apps from internal and external threats.
Developer inspecting a system
IBM Confidential Computing Containers for Red Hat OpenShift Container Platform
Scales confidential computing on Red Hat OpenShift by encrypting workloads in policy-enforced containers, blocking access even from platform admins.
Use cases Digital assets with cold storage security

Protect digital assets and signing secrets that use IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions with Crypto Express. Trusted by blockchain providers like Metaco and Ripple, this combination ensures secure, offline signing and policy protection.

 Discover a solution for digital assets Identity-based secrets management

Eliminate risks tied to leaked credentials by securing application identities. Identity-based access control ensures that the secrets remain confidential, reducing human error and insider threat vectors.

 Privacy-protected services

Use IBM Confidential Computing Containers for Red Hat OpenShift Container Platform to leverage a confidential computing environment to secure and manage highly sensitive manufacturing data and design artifacts.

 Read the SEAL Systems case study Confidential AI in regulated industries

Ensure that AI models remain confidential during training and inference. Partners, like Jamworks, use IBM Confidential Computing to integrate AI while protecting proprietary content.

 Read the Jamworks case study Hybrid confidential cloud deployment

Anchor trust across hybrid environments by protecting cryptographic keys and enforcing attestation policies—even when workloads span x86 and LinuxONE platforms.

 Explore deployment considerations

Resources

IBM Confidential Computing Platform
Explore IIBM Confidential Computing Platform (2nd Gen), which enables secure, encrypted workloads with confidential computing.
Redbook: IBM Confidential Computing Platform
Read how to apply data protection and confidentiality in a hybrid cloud environment.
IBM Confidential Computing with OpenShift
Secure sensitive workloads using IIBM Confidential Computing and OpenShift sandboxed containers enabling confidential computing with VM-level isolation.
Confidential Containers on IBM
Learn how Red Hat OpenShift and IBM Secure Execution bring confidential computing to containerized workloads.
Take the next step

Discover how to advance confidential computing with IBM’s Confidential Computing Platform portfolio as a fully integrated part of the Red Hat ecosystem.