2022-02-17 · 2 min read
Intel TDX is designed to isolate virtual machines from the VMM/hypervisor and other non-VMM system software on the platform. TDX is also able to protect the VMs from some forms of hardware attacks.
Intel Trust Domain Extensions (Intel TDX) introduces new architectural elements to help deploy hardware-isolated virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform, protecting TDs from a broad range of software. (source)
Secure-Arbitration Mode (SEAM) – a new mode of the CPU designed to host an Intel-provided, digitally-signed, security-services module called the Intel TDX module.
Shared bit in GPA to help allow TD to access shared memory.
Secure EPT to help translate private GPA to provide address-translation integrity and to prevent TD-code fetches from shared memory. Encryption and integrity protection of private-memory access using a TD-private key is the goal.
Physical-address-metadata table (PAMT) to help track page allocation, page initialization, and TLB consistency.
Multi-key, total-memory-encryption (MKTME) engine designed to provide memory encryption using AES-128-XTS and integrity using a 28-bit MAC and a TD-ownership bit.
Remote attestation designed to provide evidence of TD executing on a genuine, Intel TDX system and its TCB version.
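An added example, not Intel's or the Linux kernel's code, modelling the shared-bit split from the list above. It assumes the shared bit is the top bit of the guest physical address width (GPAW 48 or 52), that private GPAs go through the Secure EPT with the TD-private key, and that an instruction fetch from a shared GPA is refused as the Secure EPT item states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not Intel's or Linux's code). Assumption: the TDX shared
 * bit sits at the top of the guest physical address width (GPAW): bit 47 for
 * GPAW 48, bit 51 for GPAW 52. Private GPAs walk the Secure EPT and are
 * encrypted with the TD-private key; shared GPAs walk the VMM-managed EPT and
 * are host-visible, so code must never be fetched from them. */

enum tdx_route {
    TDX_ROUTE_SECURE_EPT,   /* private page, TD-private key, host cannot read it */
    TDX_ROUTE_SHARED_EPT,   /* shared page, host-visible, data only */
    TDX_ROUTE_FETCH_DENIED, /* instruction fetch from shared memory is refused */
    TDX_ROUTE_BAD_GPAW      /* GPAW must be 48 or 52 */
};

static bool tdx_gpaw_valid(unsigned gpaw) { return gpaw == 48 || gpaw == 52; }

/* Mask selecting the shared bit for a GPAW; 0 for an unsupported width. */
uint64_t tdx_shared_mask(unsigned gpaw)
{
    return tdx_gpaw_valid(gpaw) ? (1ULL << (gpaw - 1)) : 0;
}

/* A TD guest kernel flips the bit on to expose a buffer to the host (e.g. for
 * virtio) and off again to reclaim it as private memory. */
uint64_t tdx_gpa_to_shared(uint64_t gpa, unsigned gpaw) { return gpa | tdx_shared_mask(gpaw); }
uint64_t tdx_gpa_to_private(uint64_t gpa, unsigned gpaw) { return gpa & ~tdx_shared_mask(gpaw); }

/* Route one access: private vs shared EPT, plus the rule that code fetches
 * from shared memory are not allowed. */
enum tdx_route tdx_classify_access(uint64_t gpa, unsigned gpaw, bool is_code_fetch)
{
    if (!tdx_gpaw_valid(gpaw))
        return TDX_ROUTE_BAD_GPAW;
    if ((gpa & tdx_shared_mask(gpaw)) == 0)
        return TDX_ROUTE_SECURE_EPT;
    return is_code_fetch ? TDX_ROUTE_FETCH_DENIED : TDX_ROUTE_SHARED_EPT;
}

int main(void)
{
    static const char *names[] = { "Secure EPT (private)", "shared EPT", "fetch denied", "bad GPAW" };
    uint64_t buf = 0x7f000ULL;                 /* constructed sample GPA */
    uint64_t shared_buf = tdx_gpa_to_shared(buf, 48);
    printf("data read  %#llx -> %s\n", (unsigned long long)buf, names[tdx_classify_access(buf, 48, false)]);
    printf("data read  %#llx -> %s\n", (unsigned long long)shared_buf, names[tdx_classify_access(shared_buf, 48, false)]);
    printf("code fetch %#llx -> %s\n", (unsigned long long)shared_buf, names[tdx_classify_access(shared_buf, 48, true)]);
    return 0;
}
```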
It looks like you basically run a Linux kernel on the host machine, then Linux (which now supports TDX) can run these VM isolates (just like containers I guess, but with privacy and isolation).
|linux firmware loader
|QEMU guest BIOS
|QEMU guest attestation