Commit f86e81e

Update confidential-computing-deployment-models.md
Improve grammar
1 parent a9a6194 commit f86e81e

1 file changed

+2
-2
lines changed

articles/confidential-computing/confidential-computing-deployment-models.md

Lines changed: 2 additions & 2 deletions
@@ -71,9 +71,9 @@ VM admins or any other app or service running inside the VM, operate beyond the
7171

7272
### Application Enclaves
7373

74-
**Application Enclaves** such as Intel SGX protect memory spaces inside a VM with hardware-based encryption. The security boundary of application enclaves is more restricted than confidential VMs. For Intel SGX, the security boundary applies to portions of memory within a VM. Users, apps, and services running inside the VM can't access any data and code in execution inside the enclave.
74+
**Application Enclaves** protects memory spaces inside a VM with hardware-based encryption. The security boundary of application enclaves is more restricted than confidential VMs. For Intel SGX, the security boundary applies to portions of memory within a VM. Guest admins, apps, and services running inside the VM can't access any data and code in execution inside the enclave.
7575

76-
Intel SGX helps protect data in use by application isolation. By protecting selected code and data from modification, developers can partition their application into hardened enclaves or trusted execution modules to help increase application security. Entities outside the enclave can't read or write the enclave memory, whatever their permissions levels. The hypervisor or the operating system also can't obtain this access through normal OS-level calls. To call an enclave function, you have to use a new set of instructions in the Intel SGX CPUs. This process includes several protection checks.
76+
Intel SGX enhances application security by isolating data in use. It creates secure enclaves that prevent modifications to selected code and data, ensuring that only authorized code can access them. Even with high-level permissions, entities outside the enclave, including the OS and hypervisor, cannot access enclave memory through standard calls. Accessing enclave functions requires specific Intel SGX CPU instructions, which include multiple security checks.
7777

7878
![AppEnclaves](https://github.com/michamcr/azure-docs-pr/assets/63871188/bedacca5-fb81-4f9f-b6fb-51f90fccc372)
7979
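
Review bot: In the first added paragraph, "**Application Enclaves** protects memory spaces" breaks subject-verb agreement (plural subject, singular verb), which the removed line's "protect" did not; keep "protect". The same line drops "such as Intel SGX", so "For Intel SGX, the security boundary applies to..." two sentences later now refers to a technology the section has not introduced. Replacing "Users" with "Guest admins" is not a grammar change: it narrows who the text says is kept out of enclave data and code, so keep "Users" or name both. In the second added paragraph, "cannot access enclave memory through standard calls" replaces the explicit "can't read or write the enclave memory", and "ensuring that only authorized code can access them" is a stronger guarantee than the removed "helps protect" and "help increase application security"; for a commit described as "Improve grammar", the hedged wording and the read/write statement should be retained. "cannot" is also inconsistent with "can't" in the paragraph above it.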
