Confidential Computing enhances privacy of data in-use through hardware-based Trusted Execution Environments (TEEs) that use attestation to verify their integrity, authenticity, and certain runtime properties, along with those of the binaries they execute. However, TEEs require user trust, as attestation alone cannot guarantee the absence of vulnerabilities or backdoors. Enhanced transparency can mitigate the reliance on naive trust. Some organisations currently employ various transparency measures, including open-source firmware, publishing technical documentation, or undergoing external audits, but these require investments with unclear returns. This may discourage the adoption of transparency, leaving users with limited visibility into system privacy measures. Additionally, the lack of standardisation complicates meaningful comparisons between implementations. To address these challenges, we propose a three-level conceptual framework providing organisations with a practical pathway to incrementally improve Confidential Computing transparency. To evaluate whether our transparency framework contributes to an increase in end-user trust, we conducted an empirical study with over 800 non-expert participants. The results indicate that greater transparency improves user comfort, with participants willing to share various types of personal data across different levels of transparency. The study also reveals misconceptions about transparency, highlighting the need for clear communication and user education.

翻译：机密计算通过基于硬件的可信执行环境（TEE）增强了使用中数据的隐私性，TEE利用证明机制来验证其自身以及所执行二进制文件的完整性、真实性和某些运行时属性。然而，TEE需要用户信任，因为仅凭证明无法保证不存在漏洞或后门。增强透明度可以减轻对单纯信任的依赖。目前，一些组织采用了各种透明度措施，包括开源固件、发布技术文档或接受外部审计，但这些都需要投入，且回报不明确。这可能会阻碍透明度的采用，导致用户对系统隐私措施的可见性有限。此外，缺乏标准化使得不同实现之间的有意义的比较变得复杂。为了应对这些挑战，我们提出了一个三级概念框架，为组织提供了一条逐步提高机密计算透明度的实用路径。为了评估我们的透明度框架是否有助于增强最终用户的信任，我们对800多名非专业参与者进行了一项实证研究。结果表明，更高的透明度提升了用户的舒适度，参与者愿意在不同透明度级别下分享各类个人数据。该研究还揭示了关于透明度的误解，强调了清晰沟通和用户教育的必要性。