Intel® Trust Domain Extensions (Intel® TDX)

Overview

Intel® Trust Domain Extensions (Intel® TDX) introduces new architectural elements to help deploy hardware-isolated virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform, so that TDs are protected from a broad range of software. The architectural elements that provide this hardware isolation include:

  • Secure-Arbitration Mode (SEAM) – a new CPU mode designed to host an Intel-provided, digitally signed security-services module called the Intel TDX module.
  • A shared bit in the guest-physical address (GPA) that lets a TD access shared memory.
  • Secure EPT (extended page tables) for translating private GPAs, which provides address-translation integrity and prevents TD code fetches from shared memory. The goal is encryption and integrity protection of private-memory accesses using a TD-private key.
  • A physical-address-metadata table (PAMT) that tracks page allocation, page initialization, and TLB consistency.
  • A multi-key total-memory-encryption (MKTME) engine designed to provide memory encryption using AES-128-XTS and integrity using a 28-bit MAC and a TD-ownership bit.
  • Remote attestation designed to provide evidence that a TD is executing on a genuine Intel TDX system, together with its TCB version.

White Papers and Specifications

Each entry lists the document, its description, and its date:

  • Intel® Trust Domain Extensions (Intel® TDX) – An introductory overview of the Intel® TDX technology. (August 2020)
  • Intel® CPU Architectural Extensions Specification – A specification of Intel CPU architectural support for Intel TDX. (May 2021)
  • Intel® TDX Module 1.0 Specification – Architecture and Application Binary Interface (ABI) specification of the Intel TDX Module. (August 2021)
  • Intel® TDX Loader Interface Specification – A specification of how a VMM loads the Intel TDX Module on a platform. (May 2021)
  • Intel® TDX Guest-Hypervisor Communication Interface – A specification of the new software interfaces between a VMM and a guest OS that are required for enabling Intel TDX. (September 2020)
  • Intel® TDX Virtual Firmware Design Guide – A design guide on how to design and implement a virtual firmware for a trust domain. (October 2020)
