The fourth substrate, even the vendor can't read.
A fourth deployment substrate beyond DM.01 managed SaaS, DM.02 customer cloud and DM.03 sovereign datacenter. Workloads run inside hardware-enforced TEEs (Nitro Enclaves, Intel SGX, AMD SEV-SNP) — FlyttGo holds no tenant key material, ever, and cannot read memory even from privileged operator accounts.
Four anchors that move the trust boundary.
- CC.PR.01
TEE-isolated workloads
Workloads run inside hardware-enforced trusted execution environments. AWS Nitro Enclaves on AWS, Intel SGX on customer-cloud, AMD SEV-SNP on sovereign datacenter. The vendor (FlyttGo) cannot read tenant memory, ever, even from a privileged operator account.
- CC.PR.02
Attestation on every spin-up
Every TEE instance produces a hardware-signed attestation report on boot — measuring the kernel, the runtime, and the workload code. Tenants verify the attestation against a published manifest before releasing any tenant-managed key.
- CC.PR.03
Optional homomorphic analytics
For programmes where even the trusted enclave cannot see plaintext (defence, intelligence), Civitas + EduPro analytics can run under partially-homomorphic encryption. Throughput is lower; cryptographic guarantees are absolute.
- CC.PR.04
BYOK · keys never leave
Tenant-managed keys live in a tenant-controlled HSM and are released only to an attested enclave for a bounded session. FlyttGo never holds key material; rotation is initiated tenant-side.
Four hardware modes, one orchestration contract.
| Code | Hardware | Cloud / substrate | Attestation | Status |
|---|---|---|---|---|
| DM.04.NE | AWS Nitro Enclaves | AWS · regions per tenant | Nitro-signed attestation document | Preview |
| DM.04.SG | Intel SGX | Customer-cloud · Azure / GCP confidential VMs | Intel DCAP / Azure Attestation | Preview |
| DM.04.SP | AMD SEV-SNP | Customer-cloud + sovereign datacenter | SEV-SNP guest attestation report | Preview |
| DM.04.NV | NVIDIA Confidential Computing (H100) | Customer-cloud · GPU-accelerated workloads For AI inference under TEE — landing alongside the AI procurement assistant in Q3 2026. | NVIDIA local + remote attestation | Planned |
- CC.UC.01
Defence + intelligence
Workloads where even the cloud operator cannot see plaintext. Air-gapped sovereign deployments overlap with confidential compute for the strongest posture.
- CC.UC.02
Regulated finance
PCI DSS Level 1 workloads with cardholder data, treasury operations, AML investigation flows. Memory-isolation removes the privileged-insider attack vector.
- CC.UC.03
Healthcare + research
Multi-party computation across hospital networks where the data union must run without any party seeing the others. Civitas + EduPro analytics under confidential compute.
- CC.UC.04
Sovereign cross-border
EU member-state programmes that share telemetry across borders without violating data-residency law. Each enclave is regulator-attested in-country.
Most programmes don't need DM.04. The 9-criterion deployment-substrate matrix in the research library (RS.08) shows when DM.02 customer cloud or DM.03 sovereign is the right call instead.
DM.04 sits inside the broader four-substrate framework.
Confidential compute is one shape among four. The four pathways below take a procurement team from this surface to a signed engagement.
- DM.00
All four substrates
DM.01 SaaS · DM.02 customer cloud · DM.03 sovereign · DM.04 confidential. Compatibility matrix on the page.
DM.01 → DM.04 - RS.08
Substrate selection runbook
9-criterion decision matrix that picks the right substrate per programme — surfaces the right answer in under an hour.
RS.08 · 20 pages - PQ.00
Post-quantum
TEE attestation + KMS migrate alongside the platform PQ programme. BYOK with ML-KEM key wrap planned Q2 2027.
PQ.00 · 8 surfaces - CB.00
Open a confidential-compute scoping
Routed under CT.03 government pilot deployment session — TEE-led architecture review under MNDA.
CT.03 · CB.00