by sarjann 2 hours ago
I believe Nvidia chips have a secure way to run your model on other infra.

https://www.nvidia.com/en-us/data-center/solutions/confident...

2 comments

> I believe Nvidia chips have a secure way to run your model on other infra.

Yes. And it's already on offer today.

See Tinfoil (US) [1] and Privatemode (Germany) [2].

Tinfoil have not been independently audited; it is somewhere on their long-term radar.

Privatemode have been thoroughly independently audited with documentation available on request.

[1] https://tinfoil.sh/

[2] https://www.privatemode.ai/

Confidential computing is not secure against a potential attacker who has physical access to the hardware. The CC security guarantees explicitly assume the attacker has no physical access.

> is not secure against a potential attacker who has physical access to the hardware.

Well, yes, it's the oldest adage in computing that "physical access == game over".

So I would argue it is more about reducing your risk to a more acceptable level.

And in that respect I would say using services such as Tinfoil or Privatemode is an enormous step up from "trust me dude, we won't look at your data".

Remotely verifiable attestation combined with independent audits of the company hosting is a large step up from a Zero Data Retention clause in your contract that you have no way of verifying is actually happening other than "trust me dude".

Clearly I absolutely agree, having it on your own infrastructure is best for confidentiality. But even then, what about evil-maid attacks in the datacentre? Unless you have your own datacentre, you're going to be in a shared colo facility...