Trust Domain Extensions

Intel Trust Domain Extensions (TDX) is a CPU-level technology announced by Intel in May 2021 for implementing a trusted execution environment in which entire virtual machines, called "Trust Domains" (TDs), are hardware-isolated from the host's Virtual Machine Monitor (VMM), or hypervisor, and from all other software on the host. The isolation is intended to keep the confidentiality and integrity of a TD's memory and register state out of reach of threat actors with administrative or physical access to the host, including the operator of the host itself. Availability is outside this threat model: the VMM still owns scheduling and resources and can stop or starve a TD at any time. TDX also provides remote attestation, which lets a relying party verify that a remote system is running a specific TD under TDX protections before sending it sensitive data. [1]

Intel TDX is of particular use to cloud providers, because it strengthens the isolation of customer virtual machines and gives customers a higher level of assurance that the provider cannot read their data. [2] [3] [4] [5]

Intel TDX is described in US patent application 20210141658A1. [6]

Architecture overview

TDX consists of several components: extensions to the Virtual Machine Extensions (VMX) instruction set architecture (ISA), a memory encryption engine with per-TD keys, and a new CPU operating mode called SEAM ("Secure Arbitration Mode") in which the Intel-provided, Intel-signed TDX module runs. The TDX module sits between the untrusted VMM and the TDs and enforces the isolation described below. [7]

Memory protections

TDX defines two classes of guest memory: shared memory and private memory. Shared memory is intended for communication with the untrusted VMM (for example, virtio buffers) and is, by design, accessible to the host, so a TD must treat anything it places there as visible to and modifiable by the host. Private memory receives full TDX confidentiality and integrity protections and is inaccessible to the VMM and to devices.

TDX protects private memory by encrypting it with a per-TD AES-XTS 128-bit key that is managed by the TDX module and never exposed to software. Private pages can be accessed only from inside the TD or from SEAM mode; the VMM cannot map them, and direct memory access (DMA) from devices to them is blocked, so the host cannot observe even the ciphertext. If memory integrity protection is enabled, a MAC derived with SHA-3-256 is kept for private memory and checked on access; a MAC mismatch causes the TD to be terminated rather than allowed to consume corrupted data. The TD's register state is also kept confidential: when the TD exits, the TDX module saves the registers in a per-TD save-state area and scrubs them before control returns to the VMM, so the host sees only the values the TD deliberately passes out. [1] [8]

Guest-hypervisor communication

The VMM cannot access a TD's private memory or register state, so every interaction between the two is brokered by the TDX module. The VMM invokes the TDX module with the new SEAMCALL instruction, and the TDX module returns to the VMM with SEAMRET. The VMM uses SEAMCALL to create and configure a TD, add memory to it, run its virtual CPUs, and tear it down. In the other direction, the TD guest invokes the TDX module with the TDCALL instruction: a TDCALL can request a service of the TDX module itself (such as producing an attestation report) or ask the module to pass a hypercall (TDG.VP.VMCALL) through to the untrusted VMM. The hypercalls available on that path, and the rules for which register values are exposed to the host, are defined by the Guest-Hypervisor Communication Interface (GHCI). [1] [9] [10]

Remote attestation

TDX's remote attestation feature lets a relying party determine that a remote TD has TDX protections enabled, and what software it is running, before sending it sensitive data. The TD guest requests a report with a TDCALL (TDG.MR.REPORT), supplying 64 bytes of REPORTDATA that it chooses; binding a verifier-supplied nonce or a freshly generated public key into REPORTDATA is what ties the report to one session. The TDX module produces the report with the SEAMREPORT instruction, which returns a "Report" structure authenticated with a MAC under a CPU-internal key and containing the TD's measurements (MRTD for the initial contents, runtime measurement registers RTMR0 to RTMR3), the TD's attributes, and the security version numbers of the TDX components. Because the MAC key never leaves the CPU, the report is only verifiable on the same platform: the host passes it to Intel's TD Quoting Enclave, which verifies the MAC and signs the report contents with an Intel-certified asymmetric attestation key, producing a remotely verifiable "Quote" that is sent to the system requesting attestation. A relying party that merely checks "TDX is on" gains little; it must also verify the Quote's signature and certificate chain, check the TCB versions against its policy, compare MRTD and the RTMRs with the values it expects, and confirm that REPORTDATA carries the nonce it issued for this exchange. [1]
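The verifier-side checks implied by the flow above, as an added Python example that is not from the page's sources or from Intel: it recomputes the REPORTDATA binding, replays an RTMR from its event log with the SHA-384 extend rule, and checks MRTD against an allowlist. The TDREPORT field offsets used here (REPORTDATA at byte 128; TDINFO at byte 512 with MRTD at +16 and RTMR0 to RTMR3 from +208 in 48-byte steps) are taken from the TDX Module ABI as this example recalls it and should be checked against the current specification; the sample report, nonce, key and event log are constructed for the example. Verifying the Quote's signature and Intel certificate chain, which a real relying party does first with a quote-verification library such as Intel's DCAP, is out of scope for this block.

```python
"""Verifier-side policy checks for a TDX attestation report body (added example)."""
import hashlib
import hmac

# TDREPORT_STRUCT layout assumed by this example (verify against the TDX Module ABI spec):
#   byte    0: REPORTMACSTRUCT (256 bytes); REPORTDATA is 64 bytes at +128
#   byte  256: TEE_TCB_INFO (239 bytes) plus 17 reserved bytes
#   byte  512: TDINFO (512 bytes); MRTD at +16, RTMR0..3 at +208, +256, +304, +352
TDREPORT_SIZE = 1024
REPORTDATA_OFF, REPORTDATA_LEN = 128, 64
TDINFO_OFF = 512
MRTD_OFF = TDINFO_OFF + 16
RTMR_OFF = [TDINFO_OFF + 208 + 48 * i for i in range(4)]
MEAS_LEN = 48  # MRTD and the RTMRs are SHA-384 digests


def extend_rtmr(rtmr: bytes, value: bytes) -> bytes:
    """Apply the TDG.MR.RTMR.EXTEND rule: RTMR[n] <- SHA-384(RTMR[n] || value)."""
    if len(rtmr) != MEAS_LEN or len(value) != MEAS_LEN:
        raise ValueError("RTMR and extension values must be 48-byte SHA-384 digests")
    return hashlib.sha384(rtmr + value).digest()


def replay_event_log(events: list) -> bytes:
    """Recompute an RTMR from its event log, starting from the all-zero register.

    Simplification: each event's extension value is taken as SHA-384 of the event
    payload; a real CCEL/TCG event log carries the digest explicitly.
    """
    rtmr = bytes(MEAS_LEN)
    for payload in events:
        rtmr = extend_rtmr(rtmr, hashlib.sha384(payload).digest())
    return rtmr


def bind_reportdata(nonce: bytes, td_pubkey: bytes) -> bytes:
    """Derive the 64-byte REPORTDATA the TD passes to TDG.MR.REPORT.

    Hashing the verifier's fresh nonce together with a key the TD generated ties
    the report both to this session (no replay) and to that key (no relay).
    """
    return hashlib.sha512(nonce + td_pubkey).digest()


def verify_tdreport(report: bytes, expected_reportdata: bytes,
                    allowed_mrtd: set, rtmr_event_logs: dict) -> list:
    """Return the list of policy failures for a TDREPORT body; empty means accept."""
    if len(report) != TDREPORT_SIZE:
        return ["bad TDREPORT length"]
    failures = []
    reportdata = report[REPORTDATA_OFF:REPORTDATA_OFF + REPORTDATA_LEN]
    if not hmac.compare_digest(reportdata, expected_reportdata):
        failures.append("REPORTDATA does not bind our nonce (stale or replayed report)")
    mrtd = report[MRTD_OFF:MRTD_OFF + MEAS_LEN]
    if mrtd not in allowed_mrtd:
        failures.append("MRTD %s... is not an approved TD image" % mrtd.hex()[:16])
    for index, log in rtmr_event_logs.items():
        actual = report[RTMR_OFF[index]:RTMR_OFF[index] + MEAS_LEN]
        if not hmac.compare_digest(replay_event_log(log), actual):
            failures.append("RTMR%d does not match the supplied event log" % index)
    return failures


def build_sample_report(reportdata: bytes, mrtd: bytes, rtmrs: list) -> bytes:
    """Constructed TDREPORT-shaped buffer for exercising the checks above.

    The MAC and TEE_TCB_INFO fields are left zero: only the CPU can produce a
    valid MAC, and the quote signature covering this body is verified elsewhere.
    """
    buf = bytearray(TDREPORT_SIZE)
    buf[REPORTDATA_OFF:REPORTDATA_OFF + REPORTDATA_LEN] = reportdata
    buf[MRTD_OFF:MRTD_OFF + MEAS_LEN] = mrtd
    for index, value in enumerate(rtmrs):
        buf[RTMR_OFF[index]:RTMR_OFF[index] + MEAS_LEN] = value
    return bytes(buf)


def demo() -> dict:
    """Run the checks on a good report, a replayed one, and a mismatching event log."""
    allowed_mrtd = {hashlib.sha384(b"known-good TD image v1").digest()}  # constructed
    rtmr0_log = [b"virtual firmware config", b"boot loader"]  # constructed event log
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")  # fresh per session
    td_pubkey = b"\x04" + b"\x11" * 64  # placeholder standing in for the TD's key

    reportdata = bind_reportdata(nonce, td_pubkey)
    mrtd = next(iter(allowed_mrtd))
    rtmrs = [replay_event_log(rtmr0_log)] + [bytes(MEAS_LEN)] * 3
    good = build_sample_report(reportdata, mrtd, rtmrs)
    # A report captured from an earlier session carries a different REPORTDATA.
    replayed = build_sample_report(bind_reportdata(b"old nonce", td_pubkey), mrtd, rtmrs)
    # An event log claiming an extra event that the report's RTMR0 never absorbed.
    log_with_extra_event = rtmr0_log + [b"unexpected kernel command line"]
    return {
        "good": verify_tdreport(good, reportdata, allowed_mrtd, {0: rtmr0_log}),
        "replayed": verify_tdreport(replayed, reportdata, allowed_mrtd, {0: rtmr0_log}),
        "bad_log": verify_tdreport(good, reportdata, allowed_mrtd, {0: log_with_extra_event}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "accepted" if not result else result)
```

Constant-time comparison matters less for measurements, which are public, than for REPORTDATA, but using it uniformly avoids having to reason about which fields an attacker can probe. In a deployment the expected RTMR values usually come from the guest's own CCEL event log, which the verifier replays exactly as `replay_event_log` does and then compares with the signed register value, so a log entry the guest omitted or invented is detected.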

Hardware and operating system support

TDX is available for 5th generation Intel Xeon processors (codename Emerald Rapids) and Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids). [11]

The first patches adding TDX guest support to the Linux kernel were posted to the Linux kernel mailing list around June 2021, [12] were merged on May 24, 2022, and shipped in mainline Linux 5.19. [13]

On April 24, 2023, Microsoft announced that its new Azure DCesv5-series and ECesv5-series confidential virtual machines support Intel TDX. [14] Microsoft has also published guidance on using TDX attestation evidence with Microsoft Azure Attestation. [15]

Comparisons to SGX

TDX is related to SGX in that both are Intel implementations of a trusted execution environment. They differ significantly in scope: SGX protects an enclave inside a single process and requires applications to be written or ported to run inside it, whereas TDX protects an entire virtual machine and requires support only in the hardware, the host's VMM, and the guest operating system, leaving applications unchanged. [16] The trade-off is a larger trusted computing base: a TD trusts its whole guest kernel and firmware, whereas an SGX enclave trusts only its own code. Even an operating system that does not support running as a TD can be protected by running it as a nested VM inside a TD. [1]

References

  1. "Intel® Trust Domain Extensions" (PDF). Intel. February 2022.
  2. "How Google and Intel make Confidential Computing more secure". 24 April 2023. Retrieved 20 September 2023.
  3. Cheng, Pau-Chen (27 March 2023). "Intel TDX Demystified: A Top-Down Approach". arXiv:2303.15540 [cs.CR].
  4. Sardar, Muhammad Usama; Musaev, Saidgani (7 June 2021). "Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification". IEEE Access. 9: 83067–83079. doi:10.1109/ACCESS.2021.3087421. Retrieved 20 September 2023.
  5. Bartock, Michael; Souppaya, Murugiah; Savino, Ryan; Knoll, Tim; Shetty, Uttam; Cherfaoui, Mourad; Yeluri, Raghu; Malhotra, Akash; Banks, Don; Jordan, Michael; Pendarakis, Dimitrios; Rao, J. R.; Romness, Peter; Scarfone, Karen (May 2022). NIST IR 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases (Report). doi:10.6028/NIST.IR.8320.
  6. US patent application 20210141658A1, Ravi Sahita and Vedvyas Shanbhogue, "Method and apparatus for trusted devices using trust domain extensions", published 2020-11-11.
  7. "Intel® Trust Domain Extensions (Intel® TDX)". Retrieved 7 November 2021.
  8. "20. Intel Trust Domain Extensions (TDX)". Retrieved 5 September 2023.
  9. "Guest-Hypervisor Communication Interface (GHCI) for Intel® Trust Domain Extensions (Intel® TDX) 1.5" (PDF). March 2023.
  10. "Confidential computing platform-specific details". 16 June 2023.
  11. "What Intel® Xeon Processors Support Intel® Trust Domain Extensions (Intel® TDX)?". Retrieved 5 September 2023.
  12. "Add INTEL_TDX_GUEST config option to selectively compile TDX guest support". 18 June 2021.
  13. "x86/tdx for 5.19". 24 May 2022.
  14. "Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX". 24 April 2023. Retrieved 5 September 2023.
  15. "Azure Attestation EAT profile for Intel® Trust Domain Extensions (TDX)". 19 October 2023. Retrieved 20 November 2023.
  16. "Intel SGX vs TDX: what is the difference?". 27 July 2022.