
I'm trying to wrap my head around the Azure confidential computing offering.

It appears that AWS does not offer encryption at the application level (see diagram for what I mean by this:)

[diagram not included]

My question is: Is Azure's confidential computing essentially encrypted RAM?

hawkeye

2 Answers


The article you are referencing mentions encrypted RAM but that was only a reference to possibilities of enhancing the technology more in the future, not about the current state of confidential computing.

Confidential computing means that, when data is in use, these things are prevented:

  • Malicious insiders with administrative privilege or direct access to hardware on which it is being processed

  • Hackers and malware that exploit bugs in the operating system, application, or hypervisor

  • Third parties accessing it without their consent

according to Microsoft's own announcement.

So in other words, it is kind of equivalent to the encryption and firewall that are seen in communication, but this time applied to running programs in a Trusted Execution Environment (TEE), which is the term for the area that is protected when a server runs a program.

mico

Azure's Confidential Computing leverages Intel® SGX to enable applications to run code inside secure enclaves. Intel Software Guard Extensions (SGX) use a Memory Encryption Engine that encrypts any enclave data that leaves the CPU cache to the RAM using a key that is only accessible to the processor, preventing attacks such as cold-boot, tapping on the memory bus, etc. It also provides isolation of the enclave's address space from any other entity (including the OS kernel and sudo users).

yanofearth
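The distinction drawn in the two answers (enclave-scoped SGX protection versus the broader notion of "encrypted RAM") can be checked on a Linux host by looking at which CPU feature flags the kernel reports. The script below is an added example written for this page, not code from either answer or from Microsoft/Intel. It assumes the Linux flag names `sgx`, `sgx_lc`, `sgx1`, `sgx2` (Intel SGX), `tme` (Intel Total Memory Encryption) and `sme`, `sev`, `sev_es`, `sev_snp` (AMD memory encryption), and the in-tree SGX driver device nodes `/dev/sgx_enclave` and `/dev/sgx_provision`; the `/proc/cpuinfo` excerpts are constructed sample input.

```python
"""Classify the data-in-use protection a Linux host reports in /proc/cpuinfo.

Added example for this Q&A page. Assumed (not taken from the page): the Linux
flag names below and the SGX device nodes /dev/sgx_enclave, /dev/sgx_provision.
"""
import os

# Enclave-scoped protection: only the pages of an SGX enclave are encrypted
# and isolated; the rest of RAM is handled as usual.
ENCLAVE_FLAGS = {"sgx", "sgx_lc", "sgx1", "sgx2"}
# Whole-memory encryption: the memory controller encrypts all DRAM traffic
# (TME/SME) or all traffic of a given VM (SEV family).
WHOLE_MEMORY_FLAGS = {"tme", "sme", "sev", "sev_es", "sev_snp"}
SGX_DEVICES = ("/dev/sgx_enclave", "/dev/sgx_provision")


def parse_flags(cpuinfo_text):
    """Return the feature-flag set of the first CPU in a /proc/cpuinfo dump."""
    for line in cpuinfo_text.splitlines():
        # The line looks like "flags\t\t: fpu vme de ... sgx sgx_lc ..."
        if line.startswith("flags") and ":" in line:
            return set(line.split(":", 1)[1].split())
    return set()


def classify(flags, sgx_devices_present=False):
    """Summarise what the flags say about protection of data while in use."""
    enclave = sorted(flags & ENCLAVE_FLAGS)
    whole = sorted(flags & WHOLE_MEMORY_FLAGS)
    if "sgx" in flags:
        summary = ("SGX reported: enclave pages are encrypted and isolated; "
                   "memory outside enclaves is not, unless whole-memory "
                   "encryption is also reported")
    elif whole:
        summary = "whole-memory encryption reported: " + ", ".join(whole)
    else:
        summary = ("no hardware data-in-use protection reported: plaintext in "
                   "RAM is visible to the OS, hypervisor and hardware access")
    return {
        "enclave_scoped": enclave,
        "whole_memory": whole,
        # An enclave can only be created if the driver device nodes exist too.
        "sgx_usable": "sgx" in flags and sgx_devices_present,
        "summary": summary,
    }


def inspect_host(cpuinfo_path="/proc/cpuinfo"):
    """Classify the running host; returns None where /proc/cpuinfo is absent."""
    if not os.path.exists(cpuinfo_path):
        return None
    with open(cpuinfo_path, encoding="utf-8", errors="replace") as f:
        flags = parse_flags(f.read())
    devices = all(os.path.exists(d) for d in SGX_DEVICES)
    return classify(flags, sgx_devices_present=devices)


# Constructed sample dumps (not captured from real machines).
SGX_SAMPLE = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae sgx sgx_lc sgx1 sgx2 aes avx2\n"
)
SEV_SAMPLE = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae sme sev sev_es sev_snp aes\n"
)
PLAIN_SAMPLE = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae aes avx2\n"
)

if __name__ == "__main__":
    for name, text in (("sgx", SGX_SAMPLE), ("sev", SEV_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(name, classify(parse_flags(text), sgx_devices_present=(name == "sgx")))
    print("this host:", inspect_host())
```

One caveat when running this inside a cloud VM: the hypervisor decides which CPUID bits the guest sees, so a missing flag only means the feature is not exposed to this guest. Host-side whole-memory encryption such as TME is transparent to guests and will not appear here, so the script can confirm that SGX is available to your workload but cannot prove anything about how the host's RAM is handled.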