The FUJITSU-MONAKA project is a case study in how confidential computing can be embedded into silicon and software in a way that developers and operators can readily adopt alongside other Arm-based solutions.
FUJITSU-MONAKA is Fujitsu’s next-generation Armv9-based general processor, for high-performance computing (HPC), datacenter and edge computing, aimed at accelerating AI while meeting today’s security and sustainability needs. It builds on Fujitsu’s long heritage in supercomputing, mainframes and business servers, featuring:
Realm Management Extension (RME) introduces Realms: hardware-isolated execution environments that make the contents of sensitive workloads inaccessible to the host OS or hypervisor. Each Realm is protected with unique, hardware-derived keys. FUJITSU-MONAKA’s boot chain measures and verifies the Realm Management Monitor (RMM), which creates and manages Realms. When a Realm is launched, it generates an attestation token, a cryptographic proof that the workload is genuine and untampered and is running on a trustworthy platform. Tools for processing and verifying these claims are being developed in the open via the Confidential Computing Consortium (CCC).
For engineers, this means FUJITSU- MONAKA provides:
FUJITSU-MONAKA is a versatile platform that follows a hybrid AI strategy, assigning appropriate workloads across the full spectrum of AI to CPUs and GPUs. FUJITSU-MONAKA’s CPU architecture is specifically optimized for efficient AI inference at the edge and for smaller language models that should not require a GPU. Meanwhile, for more demanding AI training and large language models (LLMs), where additional processing capabilities are beneficial, FUJITSU-MONAKA is designed to seamlessly integrate with GPUs, offering customers the most optimal scalable solutions for their diverse workloads.
FUJITSU-MONAKA extends Realm isolation beyond the CPU, to encompass accelerators which are assigned to protected workloads. With Arm Confidential Computing Architecture (CCA), AI inference runs inside a Trusted Execution Environment (TEE), ensuring confidential data is processed securely and models remain protected from tampering.
Here, Device Assignment (DA) is critical: using IOMMU/SMMU isolation, hardware units that ensure devices only access authorized memory, FUJITSU-MONAKA achieves:
DA securely extends the Trusted Computing Base (TCB) to GPU devices, allowing data to flow confidentially between CPU and GPU. This enables end-to-end Confidential AI, combining high performance with data privacy and model integrity.
In addition to implementing RME memory isolation, Fujitsu also engineered FUJITSU-MONAKA’s hierarchical memory architecture, combined with:
This approach efficiently separates workloads and dynamically allocates resources to match application needs. The result is strong workload management across chiplets without sacrificing performance, a critical requirement for AI and HPC scenarios. With memory management and isolation built in at every layer, the next step was to ensure the full boot and trust chain reinforced these protections from silicon upward.
Fujitsu worked through the full trust chain to ensure confidentiality starts at silicon and extends up the stack:
These steps mean every confidential virtual machine (VM) or container launched on FUJITSU-MONAKA begins from a verifiable state. This is critical for regulated industries that need evidence for audits.
Fujitsu knew adoption depended on operators using familiar tools. FUJITSU-MONAKA integrates confidential computing into existing open-source platforms, with Fujitsu committed to delivering a robust CCA implementation built on open-source principles. This approach ensures reliability, transparency, and innovation, with Fujitsu contributing actively to the community.
Alongside integration with OpenStack, libvirt/QEMU, and KubeVirt, Fujitsu also contributes to the Confidential Containers (CoCo) project under the Cloud Native Computing Foundation (CNCF), focusing on extending CoCo Peer Pods beyond hyperscalers to support open source-based infrastructures like OpenStack. Fujitsu‘s development efforts span attestation software, enhancing its robust capabilities.
Specifically, Fujitsu is actively engaged in the Veraison project and collaborating with Arm to standardize attestation protocols like CoSERV. Through these initiatives, Fujitsu aims to democratize access to CCA across small and mid-sized public clouds, private on-prem environments, and deployments, enhancing data privacy and security wherever workloads run.
Key milestones in FUJITSU-MONAKA’s software stack development began with Fujitsu’s early commitment to Arm RME, recognizing the need for Confidential Computing. Intensive work on Arm FVP (Fixed Virtual Platform) and other emulation platforms allowed the team to accelerate CCA software development long before silicon availability.
This phase was not only about building but also about validating: Fujitsu used these emulation platforms to test, refine, and harden the CCA software stack against potential threats. Emulation-based development means that when FUJITSU-MONAKA hardware ships it will arrive robust, pre-validated, and deployment-ready.
Fujitsu’s collaboration with Arm dates back to the A64FX processor used in the Fugaku supercomputer, under an architectural partnership that established trust and technical alignment. This history carried through into Armv9, where Fujitsu and Arm held ongoing discussions about the architecture and the importance of CCA compliance. That close collaboration reinforced confidence as FUJITSU-MONAKA development advanced.
Beyond hardware, both companies promote the open and standardized use of Arm CCA, jointly contributing to the open-source community to develop key components for virtualization and containers. This partnership accelerates ecosystem growth and ensures CCA adoption across a broad set of environments.
FUJITSU-MONAKA demonstrates how Fujitsu has worked with Arm to bring confidential computing from concept to implementation. By combining Arm CCA with Fujitsu’s engineering across silicon, firmware, and software, FUJITSU-MONAKA delivers a practical platform that spans boot chains, accelerator integration, workload isolation, and open source adoption.
For more on FUJITSU-MONAKA, you can watch their presentation at OC3, 2025:
For more technical resources on Confidential Computing on Arm, visit Arm developer:
Confidential Computing overview
Footnote
[1] FUJITSU-MONAKA: This new technology applied to the FUJITSU-MONAKA is based on results obtained from a project subsidized by the New Energy and Industrial Technology Development Organization (NEDO).