Intel Trust Domain Extensions (TDX) is a CPU-level technology proposed by Intel in May 2021 for implementing a trusted execution environment in which virtual machines (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative access or physical access to the virtual machine host from compromising aspects of the TD virtual machine's confidentiality and integrity. TDX also supports a remote attestation feature which allows users to determine that a remote system has TDX protections enabled prior to sending it sensitive data. [1]
Intel TDX is of particular use for cloud providers, as it increases isolation of customer virtual machines and provides a higher level of assurance that the cloud provider cannot access the customer's data. [2] [3] [4] [5]
Intel TDX was described in and is pending US patent number 20210141658A1. [6]
TDX consists of multiple components including Virtual Machine Extensions (VMX) instruction set architecture (ISA) extensions, a technology for memory encryption, and a new CPU operation mode called SEAM ("Secure Arbitration Mode"), which hosts the TDX module. [7]
TDX defines two classes of memory: shared memory and private memory. Shared memory is intended to be used for communicating with the TD host and may receive some TDX protections. Private memory received full TDX confidentiality and integrity protections.
TDX implements memory protection by encrypting the TD's memory with a per-TD AES-XTS 128-bit key. To avoid leaking ciphertext, memory access is limited to being from the SEAM mode and direct memory access is unavailable. If memory integrity protections are enabled, a MAC using SHA-3-256 is generated for the private memory and if the MAC validation fails, the TD VM is terminated. TD VM registers are also kept confidential by storing them in a per-TD save state and scrubbing them when the TD returns control to the TD VM. [1] [8]
This section needs expansion. You can help by adding to it. (November 2021) |
TDX provides hardware isolation of TD VMs by brokering all VMM to TD communication through the TDX module and preventing the VMM from accessing the TD's data. The VMM communicates to the TDX module using new SEAMCALL
and SEAMRET
CPU instructions. SEAMCALL is used by the VMM to invoke the TDX module to create, delete, or execute a TD. SEAMRET is used by the TDX module to return execution back to the VMM. [1] [9] [10]
TDX's remote attestation feature builds on the SGX technology to allow someone to determine that a remote TD has TDX protections enabled prior to sending it sensitive data. The remote attestation report can be generated by the TDX module calling the SEAMREPORT instruction. The SEAMREPORT instruction generates a MAC-signed "Report" structure which includes information such as the version numbers of the TDX's components. The VMM would then use SGX enclaves to convert that "Report" structure into a remotely verifiable "Quote", which it would send to the system requesting attestation. [1]
TDX is available for 5th generation Intel Xeon processors (codename Emerald Rapids) and Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids). [11]
First patches to support TDX technology in the Linux kernel were posted in the Linux kernel mailing list around June 2021, [12] were merged on May 24, 2022, and were included in the mainline Linux Kernel version 5.19. [13]
Microsoft Azure has announced that as of April 24, 2023 their new DCesv5-series and ECesv5-series virtual machines would support Intel TDX. [14] They have also published information how to use Intel TDX as part of Microsoft Azure Attestation. [15]
TDX is somewhat similar to SGX, as in that both are implementations of trusted execution environments. However, they are significantly different in the scope of the protections and that SGX requires that applications be rewritten to support SGX, while TDX only requires support at the hardware and operating system levels. [16] On the VMM host, TDX involves the use of SGX enclaves to enable support for remote attestation. Additionally, even an operating system which does not support running as a TD VM can be protected by being launched as a nested VM within a TD VM. [1]
Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.
Xeon is a brand of x86 microprocessors designed, manufactured, and marketed by Intel, targeted at the non-consumer workstation, server, and embedded markets. It was introduced in June 1998. Xeon processors are based on the same architecture as regular desktop-grade CPUs, but have advanced features such as support for error correction code (ECC) memory, higher core counts, more PCI Express lanes, support for larger amounts of RAM, larger cache memory and extra provision for enterprise-grade reliability, availability and serviceability (RAS) features responsible for handling hardware exceptions through the Machine Check Architecture (MCA). They are often capable of safely continuing execution where a normal processor cannot due to these extra RAS features, depending on the type and severity of the machine-check exception (MCE). Some also support multi-socket systems with two, four, or eight sockets through use of the Ultra Path Interconnect (UPI) bus, which replaced the older QuickPath Interconnect (QPI) bus.
In computing, Physical Address Extension (PAE), sometimes referred to as Page Address Extension, is a memory management feature for the x86 architecture. PAE was first introduced by Intel in the Pentium Pro, and later by AMD in the Athlon processor. It defines a page table hierarchy of three levels (instead of two), with table entries of 64 bits each instead of 32, allowing these CPUs to directly access a physical address space larger than 4 gigabytes (232 bytes).
In the 80386 microprocessor and later, virtual 8086 mode allows the execution of real mode applications that are incapable of running directly in protected mode while the processor is running a protected mode operating system. It is a hardware virtualization technique that allowed multiple 8086 processors to be emulated by the 386 chip. It emerged from the painful experiences with the 80286 protected mode, which by itself was not suitable to run concurrent real-mode applications well. John Crawford developed the Virtual Mode bit at the register set, paving the way to this environment.
x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU.
A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an emulator, the guest executes most instructions on the native hardware. Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical x86 machine. This contrasts with operating-system–level virtualization, where all instances must share a single kernel, though the guest operating systems can differ in user space, such as different Linux distributions with the same kernel.
A logical partition (LPAR) is a subset of a computer's hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate instance of an operating system.
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard ISO/IEC 11889. Common uses are to verify platform integrity, and to store disk encryption keys.
Intel Trusted Execution Technology is a computer hardware technology of which the primary goals are:
In the x86 architecture, the CPUID instruction is a processor supplementary instruction allowing software to discover details of the processor. It was introduced by Intel in 1993 with the launch of the Pentium and SL-enhanced 486 processors.
Intel vPro technology is an umbrella marketing term used by Intel for a large collection of computer hardware technologies, including VT-x, VT-d, Trusted Execution Technology (TXT), and Intel Active Management Technology (AMT). When the vPro brand was launched, it was identified primarily with AMT, thus some journalists still consider AMT to be the essence of vPro.
In computing, virtualization (v12n) is a series of technologies that allows dividing of physical computing resources into a series of virtual machines, operating systems, processes or containers.
Second Level Address Translation (SLAT), also known as nested paging, is a hardware-assisted virtualization technology which makes it possible to avoid the overhead associated with software-managed shadow page tables.
PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data through server attestation and memory encryption. The company's attestation and memory encryption technology fills a gap that exists between “data in motion” encryption and “data at rest” encryption by protecting “data in use”. PrivateCore memory encryption technology protects against threats to servers such as cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to servers from insiders. PrivateCore was acquired by Facebook on 7 August 2014.
A trusted execution environment (TEE) is a secure area of a main processor. It helps the code and data loaded inside it be protected with respect to confidentiality and integrity. Data confidentiality prevents unauthorized entities from outside the TEE from reading data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in Intel SGX.
Intel Software Guard Extensions (SGX) is a set of instruction codes implementing trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.
Foreshadow, known as L1 Terminal Fault (L1TF) by Intel, is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018. The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds. There are two versions: the first version (original/Foreshadow) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory. A listing of affected Intel hardware has been posted.
Ampere Computing LLC is an American fabless semiconductor company based in Santa Clara, California that develops processors for servers operating in large scale environments. It was founded in 2017 by Renée James.
Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively. It is designed to address software, protocol, cryptographic, and basic physical and supply-chain attacks, although some critics have demonstrated architectural and side-channel attacks effective against the technology.