Trust Domain Extensions
Intel Trust Domain Extensions is a CPU-level technology proposed by Intel in May 2021 for implementing a trusted execution environment in which virtual machines (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Manager (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative access or physical access to the virtual machine host from compromising aspects of the TD virtual machine's confidentiality and integrity.[1]
Architecture overview
TDX consists of multiple components including Virtual Machine Extensions (VMX) instruction set architecture (ISA) extensions, a technology for memory encryption, and a new CPU operation mode called SEAM ("Secure Arbitration Mode"), which hosts the TDX module.[2]
TDX implements memory protection by encrypting each TD's memory with a per-TD AES-XTS 128-bit key. To avoid leaking ciphertext, memory access is also limited to SEAM mode, and direct memory access to TD private memory is unavailable. If memory integrity protection is enabled, a SHA-3-256 MAC is generated over the private memory, and the TD VM is terminated if MAC validation fails. TD VM registers are also kept confidential by storing them in a per-TD save-state area and scrubbing them when the TD returns control to the VMM.[1][3]
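The memory-protection scheme described above, modelled in a short Python example added for this article (it is not Intel's code and does not reproduce the real cipher: a SHAKE-256 keystream keyed by the per-TD key and tweaked by the physical address stands in for AES-XTS-128, and the integrity MAC is SHA3-256 over the per-TD key, address and ciphertext; the class and method names are this example's own). It shows the four properties the paragraph states: the host only sees ciphertext, two TDs encrypt the same page differently, the same data at two addresses differs, and a corrupted page with integrity enabled terminates the TD rather than returning altered data.

```python
import hashlib
import secrets


class TdTerminated(Exception):
    """Raised when a MAC check fails: the model terminates the TD, as TDX does."""


class TrustDomainMemory:
    """Toy model of one TD's private memory under TDX-style protection.

    Assumptions made for this model (not Intel's implementation):
    * a SHAKE-256 keystream keyed by the per-TD key and tweaked by the
      physical address stands in for AES-XTS-128 (also address-tweaked);
    * the integrity MAC is SHA3-256 over (per-TD key, address, ciphertext),
      a sound keyed MAC because SHA-3 is not subject to length extension.
    """

    def __init__(self, td_id: str, integrity: bool = True) -> None:
        self.td_id = td_id
        self.key = secrets.token_bytes(16)    # per-TD 128-bit key, never leaves SEAM
        self.integrity = integrity
        self.alive = True
        self.dram: dict = {}                  # addr -> [ciphertext, mac_or_None]

    def _tweak(self, addr: int) -> bytes:
        return addr.to_bytes(8, "little")

    def _keystream(self, addr: int, n: int) -> bytes:
        return hashlib.shake_256(self.key + self._tweak(addr)).digest(n)

    def _mac(self, addr: int, ct: bytes) -> bytes:
        return hashlib.sha3_256(self.key + self._tweak(addr) + ct).digest()

    # --- accesses performed in SEAM mode on behalf of the TD ---
    def write(self, addr: int, data: bytes) -> None:
        if not self.alive:
            raise TdTerminated(self.td_id)
        ct = bytes(p ^ k for p, k in zip(data, self._keystream(addr, len(data))))
        self.dram[addr] = [ct, self._mac(addr, ct) if self.integrity else None]

    def read(self, addr: int) -> bytes:
        if not self.alive:
            raise TdTerminated(self.td_id)
        ct, mac = self.dram[addr]
        if self.integrity and mac != self._mac(addr, ct):
            self.alive = False               # MAC mismatch: the TD is torn down
            raise TdTerminated(self.td_id)
        return bytes(c ^ k for c, k in zip(ct, self._keystream(addr, len(ct))))

    # --- what the untrusted host or a bus probe can observe or alter ---
    def host_view(self, addr: int) -> bytes:
        """The VMM sees only ciphertext for this address."""
        return self.dram[addr][0]

    def corrupt_dram(self, addr: int, byte_index: int) -> None:
        """Model a single-bit fault or modification of the stored ciphertext."""
        ct, mac = self.dram[addr]
        buf = bytearray(ct)
        buf[byte_index] ^= 0x01
        self.dram[addr][0] = bytes(buf)


def demo() -> dict:
    """Exercise the model and return the observable security properties."""
    secret = b"TD guest page: database credentials (constructed sample)"
    addr = 0x7F000000

    td_a = TrustDomainMemory("td-a")
    td_b = TrustDomainMemory("td-b")
    td_a.write(addr, secret)
    td_b.write(addr, secret)
    td_a.write(addr + 0x1000, secret)

    results = {
        "td_reads_own_plaintext": td_a.read(addr) == secret,
        "host_sees_ciphertext": td_a.host_view(addr) != secret,
        "per_td_key_differs": td_a.host_view(addr) != td_b.host_view(addr),
        "address_tweak_differs": td_a.host_view(addr) != td_a.host_view(addr + 0x1000),
    }

    # With integrity enabled, corrupted DRAM terminates the TD instead of
    # handing altered plaintext back to the guest.
    td_a.corrupt_dram(addr, 3)
    try:
        td_a.read(addr)
        results["tamper_detected"] = False
    except TdTerminated:
        results["tamper_detected"] = True
    results["td_torn_down"] = not td_a.alive

    # Without the optional MAC, the same corruption goes unnoticed and the
    # TD silently reads a page with one flipped byte.
    td_c = TrustDomainMemory("td-c", integrity=False)
    td_c.write(addr, secret)
    td_c.corrupt_dram(addr, 3)
    plain = td_c.read(addr)
    results["silent_corruption_without_mac"] = (
        plain != secret and sum(a != b for a, b in zip(plain, secret)) == 1
    )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The contrast between the last two cases is the reason integrity protection matters: confidentiality alone keeps the host from reading the page, but only the MAC turns a modification of DRAM into a detectable event (here, termination of the TD) rather than a silent change to what the guest computes on.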
Guest-hypervisor communication
The technology provides hardware isolation of virtual machines (called "trust domains" in Intel terminology), in which the hypervisor loses the ability to control virtual machines directly and instead relies on new CPU instructions (SEAMCALL and SEAMRET) to transfer control to and from the TDX module.
Hardware and operating system support
TDX is available for 5th generation Intel Xeon processors (codename Emerald Rapids) and Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids).[4]
The first patches to support TDX in the Linux kernel were posted to the Linux kernel mailing list around June 2021,[5] were merged on May 24, 2022, and were included in mainline Linux kernel version 5.19.[6]
Microsoft Azure has announced that as of April 24, 2023 their new DCesv5-series and ECesv5-series virtual machines would support Intel TDX.[7]
Comparisons to SGX
TDX is somewhat similar to SGX, in that both are implementations of trusted execution environments. However, they differ significantly in the scope of their protections, and SGX requires that applications be rewritten to support it, while TDX only requires support at the hardware and operating system levels.[8] Additionally, even an operating system that does not support running as a TD VM can be protected by being launched as a nested VM within a TD VM.[1]
References
- ^ a b c "Intel® Trust Domain Extensions" (PDF). February 2022.
- ^ "Intel® Trust Domain Extensions (Intel® TDX)". Retrieved 7 November 2021.
- ^ "20. Intel Trust Domain Extensions (TDX)". Retrieved 5 September 2023.
- ^ "What Intel® Xeon Processors Support for Intel® Trust Domain Extensions (Intel® TDX)?". Retrieved 5 September 2023.
- ^ "Add INTEL_TDX_GUEST config option to selectively compile TDX guest support". 18 June 2021.
- ^ "x86/tdx for 5.19". 24 May 2022.
- ^ "Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX". 24 April 2023. Retrieved 5 September 2023.
- ^ "Intel SGX vs TDX: what is the difference?". 27 July 2022.