Enclave OS

A secure operating system that keeps your data encrypted, even while it is being processed. It runs inside hardware-protected environments provided by the latest processors, and every connection is attested so you can verify exactly what is running.

Two editions. Same guarantees.

Enclave OS comes in two editions, each designed for a different trade-off between isolation and flexibility. Both provide attested connections, open-source transparency, and the same developer experience.

Enclave OS Mini

Maximum isolation with the smallest possible trust boundary. Your application runs as a lightweight module inside a secure enclave, alongside only the minimal code required to operate. Nothing else is present: no operating system kernel, no unnecessary libraries, no background services. This is the strongest protection available for the most sensitive workloads.

Enclave OS Virtual

Full virtual machine flexibility with hardware-encrypted memory. Run containers, standard Linux services, or complex multi-process applications inside a confidential VM. The trust boundary is larger, but you gain compatibility with the tools and workflows your team already uses.

Attested connections: trust what you can verify.

Every connection is attested

When you connect to an Enclave OS service, the TLS certificate itself carries proof of what hardware is running, what code is loaded, and how the service is configured. Verification happens during a standard TLS handshake: no special tools, no SDK, no custom protocol.

Configuration is measured

It is not enough to attest the code. The full configuration, including trust anchors, network policies, and application modules, is captured in a single measurement embedded in the certificate. If anything changes, the measurement changes, and verification fails.

Deploy on any major cloud.

Enclave OS is hardware-agnostic. It supports confidential computing capabilities from Intel, AMD, and other processor vendors, and runs on the leading cloud platforms.

Google Cloud

Confidential VMs in europe-west regions. Hardware-encrypted memory with built-in attestation.

Microsoft Azure

Secure enclaves and confidential VMs across multiple regions. Integrated with Azure Attestation.

OVHcloud

Bare-metal servers with secure enclave support. Full hardware control for on-premises-grade isolation in the cloud.

Deploy on the Privasys Platform.

The fastest way to run your application on Enclave OS is through the Developer Platform. Sign in with GitHub, link your repository or upload a pre-compiled module, and your code is deployed to hardware-protected infrastructure in minutes. Builds are reproducible, and every deployment is automatically attested.

Open source. Auditable. No lock-in.

Enclave OS is fully open source under the AGPL-3.0 licence. Every line of code that runs inside the enclave is available for audit. We believe transparency is not optional: it is the foundation of trust.