Acronyms
Note:
Many terms not defined here are defined in the Kata Containers glossary.
See also the Glossary page.
0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
0-9
A
AA
AE
AEAD
Authenticated encryption with associated data.
AEK
Algorithm Encryption Key.
ARK
AMD Root Key
ASK
AMD SEV Key
AP
IBM Adjunct Processor.
AS
B
C
CA
CC
Confidential Computing or Confidential Containers.
CCA
ARM Confidential Computing Architecture.
CCC
Confidential Computing Consortium.
CDH
Confidential Data Hub.
CEK
AMD Chip Endorsement Key. See also VCEK
CFV
Configuration Firmware Volume.
CNCF
Cloud Native Computing Foundation.
CNS
COCO
Another term for CC.
CRL
CSI
CSP
Cloud Service Provider or Cryptographic Service Provider.
CVM
Confidential Virtual Machine (VM).
D
DCT
DSS
E
E2E
EAA
Enclave Attestation Architecture.
ECDSA
Elliptical Curve Digital Signature Algorithm
EFI
Extensible Firmware Interface.
EHD
ES
See SEV-ES
F
FIPS
Federal Information Processing Standards
FV
Firmware Volume, See Configuration Firmware Volume.
FW
Firmware.
G
GCM
GODH
Guest Owner's Diffie-Hellman, a terminology used notably by sevctl.
GOP
Guest owner proxy, another term for Key Broker Service. In the context of EFI firmware, refers to Graphics output protocol.
GSC
GUID
See also UUID.
H
HE
HKD
Host key document, IBM-specific host certificate.
HSM
HW-TEE
Hardware-based trusted execution environment.
I
IAAS
Infrastructure as a Service.
ISECL
Intel Security Libraries for the Data Center.
ISV
J
K
KBC
KBS
KDS
AMD Key Derivation Service, allowing cloud providers to generate keys for their customers.
KEK
KMIP
Key Management Interoperability Protocol.
KMS
KPP
L
LA
LEK
LUKS
Linux Unified Key Setup,
Linux disk encryption specification used by dm-crypt and cryptsetup.
M
MIM
Alternate form for MITM.
MITM
Man in the middle or, more infrequently, Meet in the middle, two forms of attack.
N
O
OCA
Owner's Certificate Authority, a certificate and key provided used to provision AMD SEV systems.
OEM
Original Equipment Manufacturer.
OPA
Open Policy Agent, policy-based control for cloud native environments.
OVMF
Open VM Firmware, UEFI firmware used by hypervisors.
P
PAL
PCR
Platform Configuration Register.
PDH
PEF
PEK
AMD Platform Endorsement Key, an asymetric signing key generated during one-time configuration, used to sign the PDH.
PEM
PKCS
Public Key Cryptography Standards.
PKI
PLBCO
Private Layer Block Cipher Options.
PSP
Q
QGS
SGX Quote Generation Service / Quote Generation Server.
R
RA
RATS
Remote Attestation Procedures.
RCAR
Request Challenge Attestation Response.
RTMR
S
SCE
SE
IBM Secure Execution.
SECL-DC
Intel Security Libraries for the Data Center.
SEV
AMD's Secure Encrypted Virtualization. Provides memory encryption, using one key per virtual machine to isolate guests and the hypervisor from one another.
SEV-ES
AMD's Secure Encrypted Virtualization-Encrypted State Adds CPU state integrity protection to SEV by encrypting all CPU register contents in the hypervisor-accessible state.
SEV-SNP
AMD's Secure Encrypted Virtualization Secure Nested Paging. SEV-SNP extends SEV-ES to provide integrity protection for memory pages, interrupts and more.
Unlike SEV-ES, SEV-SNP provides an attestation report to the guest at runtime.
SGX
Intel Software Guard Extensions.
See also SGX in the Kata Containers Glossary.
SHA
Secure Hash Algorithm, a family of cryptographically secure hash functions.
SME
AMD's Secure Memory Encryption. Traditionally, this can also refer to Subject Matter Expert or Small / Medium sized Enterprise.
SNP
See SEV-SNP
SVM
SVSM
Secure VM Service Module, services taking advantage of VMPL to
T
TB
TCB
TCM
TCMU
Target Core Mailbox in Userspace.
TD
TDE
TDVF
TDX
Intel Trusted Domain Extensions.
TEE
Trusted Execution Environment, such as can be provided by a TPM, SGX, TDX or SEV.
TLS
TPM
Trusted platform module, a dedicated micro controller used to store secrets such as cryptographic keys, a secure cryptographic processor.
TSM
TEE Security Manager.
TVM
Trusted Virtual Machine (VM).
TXT
Intel Trusted Execution Technology, a set of hardware extensions to Intel processors and chipsets that allow the authenticity of a system to be attested.
U
UEFI
Unified Extensible Firmware Interface, a standardized version of EFI.
UIO
UPM
Unmapped Private Memory.
UUID
Universally Unique Identifier.
See also GUID.
V
VCEK
AMD Versioned Chip Endorsement Key, derived from a chip-unique seed. See also CEK
VLEK
AMD Versioned Loaded Endorsement Key, derived from seed in Key Derivation Service (KDS), typically given to cloud provider.
VPC
VMPL
Virtual Machine Privilege Level, a new optional feature in AMD-SEV which allows a guest virtual machine to divide its address space into four levels, which can be used to provide hardware-isolated abstraction layers within a VM. See SVSM for an application
W
X
Y
Z
zstd
0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z