Jordi Guijarro, Principal Cloud-Edge Ecosystem Manager at OpenNebula Systems, published a post on June 9, 2026 announcing two related things. First, OpenNebula Systems has joined the Confidential Computing Consortium (CCC) as a General Member. Second, the project is now recognized in the consortium’s white paper, 3 Degrees of Confidential Computing, as a platform that supports Confidential Virtual Machines (CVMs).
The Confidential Computing Consortium brings together hardware vendors, cloud providers and software projects around protecting data in use, meaning while it sits in memory and is being processed, not only at rest on disk or in transit over the network. Having OpenNebula join as a member and show up in the report puts an open-source cloud management platform into a conversation that proprietary services have mostly dominated so far.
The three-level maturity model
The CCC report lays out a three-step progression for adopting confidential computing:
- Level 1, the entry point: hardware-backed Confidential Virtual Machines with minimal operational change.
- Level 2: attestation-based enforcement, where the state of the environment is cryptographically verified before it is trusted.
- Level 3: workload-level identity and verification.
The paper frames Level 1 as “hardware-backed protection with minimal operational change”: protection rooted in hardware without reworking how you operate. The point is to defend VMs against privileged actors on the host itself and against other tenants sharing the same infrastructure.
Confidential VMs over KVM
OpenNebula supports confidential workloads on KVM hypervisors using several hardware technologies:
- AMD SEV-SNP
- Intel TDX
- Arm CCA
The post backs the news with a screencast where OpenNebula manages confidential and standard VMs side by side. In the confidential ones, memory encryption is verified from inside the guest itself, and the guest's memory is protected from host-level visibility. That is what separates a confidential VM from a regular one: not even whoever administers the physical machine can read what the VM holds in RAM.
What OpenNebula 7.2 brings
Version 7.2, released in 2026, expands this support with a few concrete pieces:
- Hardware-rooted trust.
- Memory encryption for KVM workloads.
- Virtual TPM integration.
- Stronger orchestration for sovereign clouds, GPU-accelerated systems and high-speed networking.
If you want to understand the layers underneath all this, our walkthrough of KVM, QEMU and libvirt shows where each component does its job.
Who it is for
The clear audience is so-called AI Factories building sovereign AI services: organizations that train, fine-tune and serve models with sensitive data, proprietary weights, regulated datasets and enterprise knowledge bases. For them, the threat isn’t only the outside attacker but the shared infrastructure itself. OpenNebula’s pitch is to turn that confidential infrastructure into a repeatable, manageable, auditable service, integrated with scheduling, tenancy, networking, storage and Kubernetes orchestration.
For teams already running OpenNebula on KVM, the takeaway is direct: confidential computing stops being a bespoke setup and moves into the normal VM deployment flow.
Source
Original OpenNebula article: OpenNebula Highlighted in Confidential Computing Consortium Report, by Jordi Guijarro (June 9, 2026). Picked up by LinuxGratis as an aggregator of QEMU/KVM virtualization news.