Trust Domain Extensions

Contributors to Wikimedia projects

Article Images

From Wikipedia, the free encyclopedia

Content deleted Content added

Revision as of 03:13, 21 November 2023 edit Maslen (talk \| contribs) Extended confirmed users 696 edits m ← Previous edit		Revision as of 03:44, 21 November 2023 edit undo Maslen (talk \| contribs) Extended confirmed users 696 edits m Next edit →
Line 14:		Line 14:

	'''Intel Trust Domain Extensions (TDX)''' is a [[central processing unit\|CPU]]-level technology proposed by [[Intel]] in May 2021 for implementing a [[trusted execution environment]] in which [[virtual machines]] (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative access or physical access to the virtual machine host from compromising aspects of the TD virtual machine's confidentiality and integrity. TDX also supports a remote attestation feature which allows users to determine that a remote system has TDX protections enabled prior to sending it sensitive data. {{r\|tdx_whitepaper}}		'''Intel Trust Domain Extensions (TDX)''' is a [[central processing unit\|CPU]]-level technology proposed by [[Intel]] in May 2021 for implementing a [[trusted execution environment]] in which [[virtual machines]] (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative access or physical access to the virtual machine host from compromising aspects of the TD virtual machine's confidentiality and integrity. TDX also supports a remote attestation feature which allows users to determine that a remote system has TDX protections enabled prior to sending it sensitive data. {{r\|tdx_whitepaper}}

			Intel TDX is of particular use for cloud providers, as it increases isolation of customer virtual machines and provides a higher level of assurance that the cloud provider cannot access the customer's data.{{r\|google_tdx_security_review}}{{r\|ibm_tdx_top_down}}{{r\|Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification}}{{r\|NIST IR 8320}}

	Intel TDX was described in and is pending US patent number 20210141658A1.{{r\|tdx_patent_20210141658A1}}		Intel TDX was described in and is pending US patent number 20210141658A1.{{r\|tdx_patent_20210141658A1}}
Line 57:		Line 59:
	\|date = 24 April 2023		\|date = 24 April 2023
	\|access-date = 5 September 2023}}</ref>		\|access-date = 5 September 2023}}</ref>



			<ref name="Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification">{{cite journal
			\| last1 = Sardar
			\| first1 = Muhammad Usama
			\| last2 = Musaev
			\| first2 = Saidgani
			\| date = 7 June 2021
			\| title = Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification
			\| url = https://ieeexplore.ieee.org/document/9448036
			\| journal = IEEE Access
			\| volume = 9
			\| pages = 83067 - 83079
			\| doi = 10.1109/ACCESS.2021.3087421
			\| access-date = 20 September 2023
			}}</ref>


			<ref name=google_tdx_security_review>{{cite web
			\|url = https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure
			\|title = How Google and Intel make Confidential Computing more secure
			\|date = 24 April 2023
			\|access-date = 20 September 2023}}</ref>

			<ref name=ibm_tdx_top_down>{{cite web
			\|url = https://arxiv.org/pdf/2303.15540.pdf
			\|title = Intel TDX Demystified: A Top-Down Approach
			\|date = 27 Mar 2023
			\|access-date = 20 September 2023}}</ref>


Line 78:		Line 110:
	\|title = Add INTEL_TDX_GUEST config option to selectively compile TDX guest support		\|title = Add INTEL_TDX_GUEST config option to selectively compile TDX guest support
	\|date = 18 June 2021}}</ref>		\|date = 18 June 2021}}</ref>

			<ref name="NIST IR 8320">{{cite web
			\|url = https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8320.pdf
			\|title = Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases
			\|date = May 2022}}</ref>


Line 89:		Line 126:
	\| url = https://patents.google.com/patent/US20210141658A1/en		\| url = https://patents.google.com/patent/US20210141658A1/en
	}}</ref>		}}</ref>


	<ref name=sgx_vs_tdx>{{cite web		<ref name=sgx_vs_tdx>{{cite web

Revision as of 03:44, 21 November 2023

Comment: For a Wikipedia article to be published, it must be notable. Something is notable if it has significant coverage in several independent, reliable sources. A source is independent if it is not a person or organization associated with the article subject. Almost all of the sources cited are from Intel. voorts (talk/contributions) 20:11, 4 November 2023 (UTC)

Comment: Good topic. First develop this at the draft phase and then directly move it to namespace or submit for a review (recommended but not mandatory). - Hatchens (talk) 13:26, 7 November 2021 (UTC)

Intel Trust Domain Extensions (TDX) is a CPU-level technology proposed by Intel in May 2021 for implementing a trusted execution environment in which virtual machines (called "Trust Domains", or TDs) are hardware-isolated from the host's Virtual Machine Monitor (VMM), hypervisor, and other software on the host. This hardware isolation is intended to prevent threat actors with administrative access or physical access to the virtual machine host from compromising aspects of the TD virtual machine's confidentiality and integrity. TDX also supports a remote attestation feature which allows users to determine that a remote system has TDX protections enabled prior to sending it sensitive data. ^[1]

Intel TDX is of particular use for cloud providers, as it increases isolation of customer virtual machines and provides a higher level of assurance that the cloud provider cannot access the customer's data.^[2]^[3]^[4]^[5]

Intel TDX was described in and is pending US patent number 20210141658A1.^[6]

Architecture overview

TDX consists of multiple components including Virtual Machine Extensions (VMX) instruction set architecture (ISA) extensions, a technology for memory encryption, and a new CPU operation mode called SEAM ("Secure Arbitration Mode"), which hosts the TDX module.^[7]

Memory protections

TDX defines two classes of memory: shared memory and private memory. Shared memory is intended to be used for communicating with the TD host and may receive some TDX protections. Private memory received full TDX confidentiality and integrity protections.

TDX implements memory protection by encrypting the TD's memory with a per-TD AES-XTS 128-bit key. To avoid leaking ciphertext, memory access is limited to being from the SEAM mode and direct memory access is unavailable. If memory integrity protections are enabled, a MAC using SHA-3-256 is generated for the private memory and if the MAC validation fails, the TD VM is terminated. TD VM registers are also kept confidential by storing them in a per-TD save state and scrubbing them when the TD returns control to the TD VM.^[1]^[8]

Guest-hypervisor communication

This section needs expansion. You can help by adding to it. (November 2021)

TDX provides hardware isolation of TD VMs by brokering all VMM to TD communication through the TDX module and preventing the VMM from accessing the TD's data. The VMM communicates to the TDX module using new SEAMCALL and SEAMRET CPU instructions. SEAMCALL is used by the VMM to invoke the TDX module to create, delete, or execute a TD. SEAMRET is used by the TDX module to return execution back to the VMM.^[1]^[9]

Remote Attestation

TDX's remote attestation feature allows someone to determine that a remote TD has TDX protections enabled prior to sending it sensitive data. The remote attestation report can be generated by the TDX module calling the SEAMREPORT instruction. The SEAMREPORT instruction generates a MAC-signed "Report" structure which includes information like the version numbers of the TDX's components. That VMM would then convert that "Report" structure into a remotely verifiable "Quote", which it would send to the system requesting attestation.^[1]

Hardware and operating system support

TDX is available for 5th generation Intel Xeon processors (codename Emerald Rapids) and Edge Enhanced Compute variants of 4th generation Xeon processors (codename Sapphire Rapids). ^[10]

First patches to support TDX technology in Linux kernel were posted in the Linux kernel mailing list around June 2021^[11] , were merged in on May 24, 2022, and were included in the mainline Linux Kernel version 5.19^[12].

Microsoft Azure has announced that as of April 24, 2023 their new DCesv5-series and ECesv5-series virtual machines would support Intel TDX.^[13] They have also published information how to use Intel TDX as part of Microsoft Azure Attestation ^[14].

Comparisons to SGX

TDX is somewhat similar to SGX, as in that both are implementations of trusted execution environments. However, they are significantly different in the scope of the protections and that SGX requires that applications be rewritten to support SGX, while TDX only requires support at the hardware and operating system levels.^[15] Additionally, even an operating system which does not support running as a TD VM can be protected by being launched as a nested VM within a TD VM.^[1]

References

^ ^a ^b ^c ^d ^e "Intel® Trust Domain Extensions" (PDF). February 2022.
^ "How Google and Intel make Confidential Computing more secure". 24 April 2023. Retrieved 20 September 2023.
^ "Intel TDX Demystified: A Top-Down Approach" (PDF). 27 Mar 2023. Retrieved 20 September 2023.
^ Sardar, Muhammad Usama; Musaev, Saidgani (7 June 2021). "Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification". IEEE Access. 9: 83067–83079. doi:10.1109/ACCESS.2021.3087421. Retrieved 20 September 2023.
^ "Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases" (PDF). May 2022.
^ US application 20210141658A1, Ravi Sahita, Vedvyas Shanbhogue, "Method and apparatus for trusted devices using trust domain extensions", published 2020-11-11
^ "Intel® Trust Domain Extensions (Intel® TDX)". Retrieved 7 November 2021.
^ "20. Intel Trust Domain Extensions (TDX)". Retrieved 5 September 2023.
^ "Guest Hypervisor Communication Interface (GHCI) for Intel® Trust Domain Extensions (Intel® TDX)1.5" (PDF). March 2023.
^ "What Intel® Xeon Processors Support for Intel® Trust Domain Extensions (Intel® TDX)?". Retrieved 5 September 2023.
^ "Add INTEL_TDX_GUEST config option to selectively compile TDX guest support". 18 June 2021.
^ "x86/tdx for 5.19". 24 May 2022.
^ "Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX". 24 April 2023. Retrieved 5 September 2023.
^ "Azure Attestation EAT profile for Intel® Trust Domain Extensions (TDX)". 19 October 2023. Retrieved 20 November 2023.
^ "Intel SGX vs TDX: what is the difference?". 27 July 2022.

Category:Computer-related introductions in 2021 Category:X86 instructions