This work addresses the lack of fine-grained control over secure inter-component communication in existing trusted execution environments (TEEs), which forces multi-component TEE pipelines to rely on mutual trust and compromises the confidentiality of sensitive data exchanges. To resolve this, we propose Mica, an architecture built on Arm CCA that decouples confidentiality from trust assumptions in confidential computing. Mica introduces a novel policy language to explicitly define, constrain, and verify communication paths between components, thereby preventing leakage of sensitive data through shared resources or unintended interactions. For the first time, Mica enables provable control over communication paths and end-to-end confidentiality without requiring mutual trust among components. The design incurs only a modest expansion of the trusted computing base while supporting realistic cloud pipeline scenarios, significantly strengthening the security model of distributed TEE workflows in multi-tenant environments.

Confidential computing protects data in use within Trusted Execution Environments (TEEs), but current TEEs provide little support for secure communication between components. As a result, pipelines of independently developed and deployed TEEs must trust one another to avoid the leakage of sensitive information they exchange -- a fragile assumption that is unrealistic for modern cloud workloads. We present Mica, a confidential computing architecture that decouples confidentiality from trust. Mica provides tenants with explicit mechanisms to define, restrict, and attest all communication paths between components, ensuring that sensitive data cannot leak through shared resources or interactions. We implement Mica on Arm CCA using existing primitives, requiring only modest changes to the trusted computing base. Our extension adds a policy language to control and attest communication paths among Realms and with the untrusted world via shared protected and unprotected memory and control transfers. Our evaluation shows that Mica supports realistic cloud pipelines with only a small increase to the trusted computing base while providing strong, attestable confidentiality guarantees.