Trust Domain Extensions

Intel Trust Domain Extensions (TDX) is a CPU-level technology, announced by Intel in May 2021, for building a trusted execution environment in which virtual machines (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM, or hypervisor) and from all other software running on the host. The isolation is intended to keep a TD's memory and CPU state confidential and integrity-protected even against a threat actor with administrative or physical access to the host. Availability is not in scope: the VMM still controls scheduling and can pause or destroy a TD at any time. TDX also supports remote attestation, which lets a remote party verify that a system is running a TD with TDX protections enabled, and which software was loaded into it, before sending it sensitive data. [1]

Intel TDX is of particular interest to cloud providers and their customers, as it strengthens the isolation between customer virtual machines and gives customers a higher level of assurance that the cloud provider itself cannot read or modify their data. [2] [3] [4] [5]

Intel TDX is described in pending US patent application 20210141658A1. [6]

Architecture overview

TDX consists of multiple components: extensions to the Virtual Machine Extensions (VMX) instruction set architecture (ISA), multi-key memory encryption (Intel MKTME), and a new CPU operating mode called SEAM ("Secure Arbitration Mode"), which hosts the Intel-signed TDX module that manages TDs on behalf of the untrusted VMM. [7]

Memory protections

TDX defines two classes of guest memory: shared memory and private memory. Shared memory is intended for communicating with the untrusted host (for example, for I/O buffers); it is not protected by the TD's private key, and a TD must treat its contents as untrusted input. Private memory receives the full TDX confidentiality and integrity protections. The two classes are distinguished by a bit in the guest physical address (the "shared" bit, the top bit of the TD's guest physical address width).

TDX encrypts each TD's private memory with a per-TD AES-XTS key (128-bit) that is generated by the CPU and is never exposed to the VMM. Private memory is mapped for the TD through a secure extended page table maintained by the TDX module in SEAM mode rather than by the VMM, and devices cannot perform direct memory access (DMA) to it, so the host can at most observe ciphertext. If memory integrity protection is enabled, the memory controller keeps a MAC (based on SHA-3-256) for private memory; if a MAC check fails, the TD is terminated rather than being allowed to consume corrupted data. TD CPU registers are kept confidential as well: on a TD exit, the TDX module saves them in a per-TD state area and scrubs them before control returns to the VMM. [1] [8]
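The memory model above, as an added example that is not from the page's sources or from Intel's code: a Python model of what the guest, the VMM, and an attacker with physical DRAM access can each observe for shared and private guest physical addresses. The shared-bit position (top bit of the GPA width) follows the TDX specification; the hash-derived keystream standing in for AES-XTS, the HMAC standing in for the hardware MAC, and the class and method names are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Added model, not Intel's or the Linux kernel's code. Private lines are encrypted
# and integrity-protected under a per-TD key the host never sees; shared lines are
# plaintext the host can read and rewrite. The keystream and HMAC are stand-ins for
# AES-XTS and the memory controller's MAC.


class TdTerminated(Exception):
    """Integrity check on private memory failed; hardware stops the TD."""


def shared_bit_mask(gpa_width: int) -> int:
    """The 'shared' bit is the top bit of the guest physical address width
    (bit 47 for 48-bit GPAs, bit 51 for 52-bit GPAs)."""
    return 1 << (gpa_width - 1)


class TdMemory:
    def __init__(self, gpa_width: int = 48):
        self.shared_bit = shared_bit_mask(gpa_width)
        self.td_key = os.urandom(32)  # per-TD key: lives in the CPU, never in VMM memory
        self.cells = {}               # DRAM contents keyed by GPA (ciphertext if private)
        self.macs = {}                # integrity MACs kept alongside private lines
        self.terminated = False

    def is_shared(self, gpa: int) -> bool:
        return bool(gpa & self.shared_bit)

    def _keystream(self, gpa: int, n: int) -> bytes:
        # Stand-in for AES-XTS: keyed by the TD key and the physical location.
        out, block = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.td_key + gpa.to_bytes(8, "little")
                                  + block.to_bytes(4, "little")).digest()
            block += 1
        return out[:n]

    def _mac(self, gpa: int, ciphertext: bytes) -> bytes:
        return hmac.new(self.td_key, gpa.to_bytes(8, "little") + ciphertext,
                        hashlib.sha3_256).digest()

    # --- guest (TD) side ---------------------------------------------------
    def td_write(self, gpa: int, data: bytes) -> None:
        if self.terminated:
            raise TdTerminated("TD has been torn down")
        if self.is_shared(gpa):
            self.cells[gpa] = data  # plaintext, visible to the host
            return
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(gpa, len(data))))
        self.cells[gpa] = ct
        self.macs[gpa] = self._mac(gpa, ct)

    def td_read(self, gpa: int) -> bytes:
        if self.terminated:
            raise TdTerminated("TD has been torn down")
        if gpa not in self.cells:
            return b""
        raw = self.cells[gpa]
        if self.is_shared(gpa):
            return raw  # whatever the host left there: the guest must validate it
        if not hmac.compare_digest(self.macs.get(gpa, b""), self._mac(gpa, raw)):
            self.terminated = True
            raise TdTerminated(f"integrity failure on private GPA {gpa:#x}")
        return bytes(a ^ b for a, b in zip(raw, self._keystream(gpa, len(raw))))

    # --- host (VMM) side ---------------------------------------------------
    def vmm_read(self, gpa: int) -> bytes:
        # The VMM sees DRAM contents: plaintext for shared, ciphertext for private.
        return self.cells.get(gpa, b"")

    def vmm_write(self, gpa: int, data: bytes) -> None:
        if not self.is_shared(gpa):
            # Private pages are not mapped for the VMM (secure EPT): the access faults.
            raise PermissionError("VMM cannot map private TD memory")
        self.cells[gpa] = data

    # --- attacker with physical access to DRAM -----------------------------
    def dram_tamper(self, gpa: int) -> None:
        # Flips bits in place, bypassing the CPU; the stored MAC is not updated.
        self.cells[gpa] = bytes(b ^ 0xFF for b in self.cells.get(gpa, b""))
```

The asymmetry is the point to take away: a private line the host has tampered with is never handed back to the guest (the TD is stopped instead), while a shared line is returned as-is, so guest drivers must validate everything they read from shared memory as carefully as they would network input.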

Guest-hypervisor communication

The TDX module brokers all communication between the VMM and a TD, so the VMM never touches TD data directly. The VMM invokes the TDX module with the new SEAMCALL instruction, which is used to create, configure, delete, and enter (run) a TD; the TDX module returns control to the VMM with SEAMRET. On the guest side, the TD invokes the TDX module with the TDCALL instruction; requests that need the VMM's help (for example I/O, or converting a page between private and shared) are forwarded through the TDX module under the Guest-Hypervisor Communication Interface (GHCI), and only the registers the TD explicitly exposes for that call are passed on to the VMM. [1] [9] [10]

Remote attestation

TDX's remote attestation feature lets a relying party verify, before sending sensitive data, that a remote TD is running under TDX and what was loaded into it. A TD requests a report via TDCALL, supplying 64 bytes of caller-chosen data (REPORTDATA) that is embedded in the report; this is typically a nonce or the hash of a freshly generated key, so that the report is bound to one session rather than replayable. The TDX module generates the report with the SEAMREPORT instruction, which produces a "Report" structure containing the TD's measurements (MRTD and the runtime measurement registers RTMR0-3), its attributes, the REPORTDATA, and the version numbers of the TDX components. The Report is protected by a MAC under a key known only to the CPU, so it can be verified only on the same platform. Host-side quoting software (an SGX-based Quoting Enclave in Intel's reference design) checks that MAC and re-signs the contents as a remotely verifiable "Quote", which the VMM relays to the party requesting attestation. That party must then verify the Quote's signature chain and compare the measurements, attributes, and TCB versions against its own policy; a valid signature alone proves only that some TD on genuine hardware produced the report. [1]
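The attestation exchange described above, as an added example that is not Intel's code and not from the page's sources: a Python model of the CPU producing a MAC'd Report, host-side quoting software turning it into a Quote, and a remote verifier applying its policy (nonce freshness, no debug attribute, known MRTD, minimum TCB version). Field names follow the TDX documentation; the packed layout, the key handling, and the use of HMAC in place of the CPU's MAC and of the Quote's ECDSA signature are this example's own simplifications.

```python
import hashlib
import hmac
import os
import struct

# Added illustration, not code from Intel or from the page's sources.  Flow modelled:
#   1. verifier sends a nonce;  2. the TD asks the CPU for a Report whose 64-byte
#   REPORTDATA binds that nonce;  3. the CPU MACs the Report with a key only it holds;
#   4. host-side quoting software checks the MAC and re-signs the body as a Quote;
#   5. the verifier checks the Quote signature and its policy.
# HMAC stands in for both the CPU MAC and the Quote signature (assumption).

DEBUG_ATTR = 1 << 0  # TDX ATTRIBUTES bit 0: TD is debuggable by the host
MR_LEN, REPORTDATA_LEN = 48, 64
BODY_FMT = "<QI48s48s48s48s48s64s"  # attributes, tcb_svn, mrtd, rtmr0..3, reportdata
BODY_LEN = struct.calcsize(BODY_FMT)


def _sign(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha3_256).digest()


class Cpu:
    """The TDX module/hardware: produces a locally MAC'd Report for a running TD."""

    def __init__(self):
        self.report_key = os.urandom(32)  # never leaves the CPU

    def td_report(self, attributes, tcb_svn, mrtd, rtmr, report_data):
        assert len(report_data) == REPORTDATA_LEN
        body = struct.pack(BODY_FMT, attributes, tcb_svn, mrtd, *rtmr, report_data)
        return body + _sign(self.report_key, body)


class QuotingEnclave:
    """Host-side quoting software: checks the CPU MAC and re-signs the body with an
    attestation key whose public half (here: the key itself) the verifier trusts."""

    def __init__(self, cpu, attestation_key):
        self.cpu, self.attestation_key = cpu, attestation_key

    def quote(self, report):
        body, mac = report[:BODY_LEN], report[BODY_LEN:]
        if not hmac.compare_digest(mac, _sign(self.cpu.report_key, body)):
            raise ValueError("report MAC invalid: not produced by this CPU")
        return body + _sign(self.attestation_key, body)


def verify_quote(quote, attestation_key, nonce, allowed_mrtd, min_tcb_svn):
    """Remote verifier. Returns 'ok' or the first policy failure found."""
    if len(quote) != BODY_LEN + 32:
        return "malformed quote"
    body, sig = quote[:BODY_LEN], quote[BODY_LEN:]
    if not hmac.compare_digest(sig, _sign(attestation_key, body)):
        return "bad signature"
    attributes, tcb_svn, mrtd, r0, r1, r2, r3, report_data = struct.unpack(BODY_FMT, body)
    # Freshness: REPORTDATA must carry SHA-512(nonce) for this session (example convention).
    if not hmac.compare_digest(report_data, hashlib.sha512(nonce).digest()):
        return "nonce mismatch (replayed or foreign quote)"
    if attributes & DEBUG_ATTR:
        return "TD is in debug mode"
    if mrtd not in allowed_mrtd:
        return "unknown MRTD"
    if tcb_svn < min_tcb_svn:
        return "TCB below minimum"
    return "ok"


def run_scenarios():
    """Usage: one honest quote plus the failure modes a verifier must reject."""
    cpu, ak = Cpu(), os.urandom(32)
    qe = QuotingEnclave(cpu, ak)
    good_mrtd = hashlib.sha384(b"constructed TD image").digest()  # constructed sample
    rtmr = tuple(bytes(MR_LEN) for _ in range(4))
    nonce = os.urandom(32)
    rd = hashlib.sha512(nonce).digest()
    allowed = {good_mrtd}

    def q(attributes=0, tcb_svn=5, mrtd=good_mrtd, report_data=rd):
        return qe.quote(cpu.td_report(attributes, tcb_svn, mrtd, rtmr, report_data))

    honest = q()
    forged = bytearray(honest)
    forged[20] ^= 1  # flip a bit inside MRTD without re-signing
    return {
        "honest": verify_quote(honest, ak, nonce, allowed, 5),
        "replayed": verify_quote(honest, ak, os.urandom(32), allowed, 5),
        "debug": verify_quote(q(attributes=DEBUG_ATTR), ak, nonce, allowed, 5),
        "unknown_image": verify_quote(q(mrtd=bytes(MR_LEN)), ak, nonce, allowed, 5),
        "old_tcb": verify_quote(q(tcb_svn=3), ak, nonce, allowed, 5),
        "forged": verify_quote(bytes(forged), ak, nonce, allowed, 5),
    }
```

In a real deployment the Quote signature is an ECDSA signature that chains to Intel's provisioning certificates, and the TCB check compares a vector of security version numbers against Intel's published TCB information; the shape of the verifier, checking the signature first and then freshness, attributes, measurements, and TCB level in turn, stays the same.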

Hardware and operating system support

TDX is available on 5th generation Intel Xeon processors (codename Emerald Rapids) and on the Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids). [11]

The first patches to support TDX guests in the Linux kernel were posted to the Linux kernel mailing list in June 2021; [12] the initial guest support was merged on May 24, 2022 and shipped in mainline Linux kernel version 5.19. [13]

On April 24, 2023, Microsoft announced a preview of its DCesv5-series and ECesv5-series confidential virtual machines on Azure, which run as Intel TDX trust domains. [14] Microsoft has also published an attestation token profile describing how TDX evidence is represented and verified by Microsoft Azure Attestation. [15]

Comparisons to SGX

TDX resembles SGX in that both are Intel implementations of a trusted execution environment, but they differ significantly in scope. SGX protects an enclave inside a user-space process, so applications must be rewritten (or partitioned) to use it, while the trusted computing base excludes the operating system. TDX protects an entire virtual machine, so existing applications run unchanged and only the hardware, the TDX module, and the guest operating system need TDX support; the guest OS is consequently inside the trusted computing base. [16] An operating system that does not support running as a TD can still be protected by running it as a nested VM inside a TD whose own OS does. [1]

References

  1. "Intel® Trust Domain Extensions" (PDF). February 2022.
  2. "How Google and Intel make Confidential Computing more secure". 24 April 2023. Retrieved 20 September 2023.
  3. Cheng, Pau-Chen; et al. (27 March 2023). "Intel TDX Demystified: A Top-Down Approach". arXiv:2303.15540 [cs.CR].
  4. Sardar, Muhammad Usama; Musaev, Saidgani (7 June 2021). "Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification". IEEE Access. 9: 83067–83079. doi:10.1109/ACCESS.2021.3087421. S2CID 235455870. Retrieved 20 September 2023.
  5. Bartock, Michael; Souppaya, Murugiah; Savino, Ryan; Knoll, Tim; Shetty, Uttam; Cherfaoui, Mourad; Yeluri, Raghu; Malhotra, Akash; Banks, Don; Jordan, Michael; Pendarakis, Dimitrios; Rao, J. R.; Romness, Peter; Scarfone, Karen (May 2022). NIST IR 8320 Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases (Report). doi:10.6028/NIST.IR.8320.
  6. US application 20210141658A1, Ravi Sahita, Vedvyas Shanbhogue, "Method and apparatus for trusted devices using trust domain extensions", published 2020-11-11.
  7. "Intel® Trust Domain Extensions (Intel® TDX)". Retrieved 7 November 2021.
  8. "20. Intel Trust Domain Extensions (TDX)". Linux kernel documentation. Retrieved 5 September 2023.
  9. "Guest-Hypervisor Communication Interface (GHCI) for Intel® Trust Domain Extensions (Intel® TDX) 1.5" (PDF). March 2023.
  10. "Confidential computing platform-specific details". 16 June 2023.
  11. "What Intel® Xeon Processors Support Intel® Trust Domain Extensions (Intel® TDX)?". Retrieved 5 September 2023.
  12. "Add INTEL_TDX_GUEST config option to selectively compile TDX guest support". 18 June 2021.
  13. "x86/tdx for 5.19". 24 May 2022.
  14. "Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX". 24 April 2023. Retrieved 5 September 2023.
  15. "Azure Attestation EAT profile for Intel® Trust Domain Extensions (TDX)". 19 October 2023. Retrieved 20 November 2023.
  16. "Intel SGX vs TDX: what is the difference?". 27 July 2022.