Trust Domain Extensions
Intel Trust Domain Extensions (TDX) is a CPU-level technology proposed by Intel in May 2021 for implementing a trusted execution environment (TEE) in which virtual machines (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative or physical access to the virtual machine host from compromising the confidentiality and integrity of the TD virtual machine. TDX also supports a remote attestation feature, which allows users to determine that a remote system has TDX protections enabled before sending it sensitive data. Intel TDX is of particular use to cloud providers, as it increases the isolation of customer virtual machines and provides a higher level of assurance that the cloud provider cannot access the customer's data. Intel TDX was described in and is pending US patent number 20210141658A1.


Architecture overview

TDX consists of multiple components, including Virtual Machine Extensions (VMX) instruction set architecture (ISA) extensions, a memory encryption technology, and a new CPU operation mode called SEAM ("Secure Arbitration Mode"), which hosts the TDX module.


Memory protections

TDX defines two classes of memory: shared memory and private memory. Shared memory is intended for communicating with the TD host and may receive some TDX protections. Private memory receives full TDX confidentiality and integrity protections. TDX implements memory protection by encrypting the TD's memory with a per-TD AES-XTS 128-bit key. To avoid leaking ciphertext, memory access is limited to SEAM mode, and direct memory access (DMA) is unavailable. If memory integrity protections are enabled, a MAC using SHA-3-256 is generated for the private memory; if MAC validation fails, the TD VM is terminated. TD VM registers are also kept confidential by storing them in a per-TD save state and scrubbing them when the TD returns control to the VMM.


Guest-hypervisor communication

TDX provides hardware isolation of TD VMs by brokering all VMM-to-TD communication through the TDX module and preventing the VMM from accessing the TD's data. The VMM communicates with the TDX module using the new SEAMCALL and SEAMRET CPU instructions. SEAMCALL is used by the VMM to invoke the TDX module to create, delete, or execute a TD. SEAMRET is used by the TDX module to return execution to the VMM.


Remote attestation

TDX's remote attestation feature builds on SGX technology to allow a party to determine that a remote TD has TDX protections enabled before sending it sensitive data. The remote attestation report is generated by the TDX module calling the SEAMREPORT instruction. SEAMREPORT produces a MAC-signed "Report" structure that includes information such as the version numbers of TDX's components. The VMM then uses SGX enclaves to convert that "Report" structure into a remotely verifiable "Quote", which it sends to the system requesting attestation.
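The report-to-quote-to-verifier flow described above, as an added Python model that is not part of the original article or of any Intel code: the module binds component versions and caller data under a MAC, a quoting step turns that into a signed quote, and the relying party checks signature, freshness and a minimum-version policy before releasing data. The keys, the three 16-bit version fields, the HMAC-SHA256 stand-ins for the CPU MAC and the ECDSA quote signature, and the minimum-TCB policy are all constructed assumptions, not Intel's actual formats.

```python
import hashlib
import hmac
import struct

# Constructed stand-ins for hardware-held keys. Real TDX uses a CPU-held key
# for the REPORT MAC and an ECDSA attestation key for the QUOTE; both are
# modelled with HMAC-SHA256 here so the exchange runs offline.
TDX_MODULE_MAC_KEY = b"constructed-seam-report-mac-key"
QUOTING_ENCLAVE_KEY = b"constructed-quoting-enclave-key"
MIN_TCB = (1, 5, 2)  # constructed policy: lowest acceptable component versions


def report_data_for(nonce: bytes) -> bytes:
    """Relying party binds a fresh nonce into the 32-byte report-data field."""
    return hashlib.sha256(nonce).digest()


def seam_report(tcb_versions, report_data: bytes) -> bytes:
    """Model of SEAMREPORT: component versions plus caller data, under a MAC."""
    body = struct.pack("<HHH", *tcb_versions) + report_data
    return body + hmac.new(TDX_MODULE_MAC_KEY, body, hashlib.sha256).digest()


def quote_from_report(report: bytes) -> bytes:
    """Model of the SGX quoting step: the local MAC is checked (hardware does
    this on a real platform), then the body is signed for remote verification."""
    body, mac = report[:-32], report[-32:]
    expected = hmac.new(TDX_MODULE_MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("report MAC invalid: not produced by this platform")
    return body + hmac.new(QUOTING_ENCLAVE_KEY, body, hashlib.sha256).digest()


def verify_quote(quote: bytes, nonce: bytes, min_tcb=MIN_TCB) -> bool:
    """Relying-party decision: signature, then freshness, then TCB policy.
    Returns True only when every check passes; data is released only then."""
    body, sig = quote[:-32], quote[-32:]
    expected = hmac.new(QUOTING_ENCLAVE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False  # forged or tampered quote
    versions = struct.unpack("<HHH", body[:6])
    if not hmac.compare_digest(body[6:], report_data_for(nonce)):
        return False  # replayed quote from another session
    # Every version field must meet the policy minimum; otherwise the TD may
    # be running older TDX components than the verifier is willing to trust.
    return all(v >= m for v, m in zip(versions, min_tcb))
```

A real verifier would additionally check the quote's certificate chain back to Intel and the measurement fields of the TD; the model keeps only the three checks the text motivates.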


Hardware and operating system support

TDX is available for 5th generation Intel Xeon processors (codename Emerald Rapids) and Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids). The first patches to support TDX in the Linux kernel were posted to the Linux kernel mailing list around June 2021, were merged on May 24, 2022, and were included in mainline Linux kernel version 5.19. Microsoft Azure announced that, as of April 24, 2023, its new DCesv5-series and ECesv5-series virtual machines would support Intel TDX. Microsoft has also published information on how to use Intel TDX as part of Microsoft Azure Attestation.


Comparisons to SGX

TDX is somewhat similar to SGX, in that both are implementations of trusted execution environments. However, they differ significantly in the scope of their protections, and SGX requires that applications be rewritten to support it, while TDX only requires support at the hardware and operating system levels. On the VMM host, TDX uses SGX enclaves to enable support for remote attestation. Additionally, even an operating system that does not support running as a TD VM can be protected by being launched as a nested VM within a TD VM.

