intel / tdx-tools

Cloud Stack and Solutions for Intel TDX (Trust Domain Extension)

PROJECT NOT UNDER ACTIVE MANAGEMENT

This project will no longer be maintained by Intel.

Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.

Intel no longer accepts patches to this project.

If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.

Contact: webadmin@linux.intel.com

Intel® TDX (Trust Domain Extensions)

NOTE: The project is end of life. See more information on the TDX Early Preview under Software Availability.

For Intel TDX Full Disk Encryption solutions and for building a Trusted Chain for Cloud Native workloads in a Confidential Computing Environment, please see Unified API for Trusted Execution Environment.

1. Overview

1.1 Intel® Trust Domain Extensions (TDX)

Intel® Trust Domain Extensions (TDX) refers to an Intel technology that extends Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a new kind of virtual machine guest called a Trust Domain (TD). A TD runs in a CPU mode that protects the confidentiality of its memory contents and its CPU state from any other software, including the hosting Virtual Machine Monitor (VMM). Please see the details here.

1.2 Hardware Availability

1.3 Software Availability

NOTE: The project "Linux TDX SW Stack" is end of life. This branch only sustains tools for TDX early preview.

Please refer to the Red Hat blog Enabling hardware-backed confidential computing with a CentOS SIG, the Ubuntu blog Intel® TDX 1.0 technology preview available on Ubuntu 23.10, or the SUSE blog Intel® TDX Support Coming to SUSE Linux Enterprise Server for more information on the TDX Early Preview.

The corresponding git repositories are as below.

2. How to launch a TD

Use the script start-qemu.sh to start a TD via QEMU.

A simple invocation of the script to launch a TD is as follows:

./start-qemu.sh -i <guest image file> -k <guest kernel file>

Or to use the guest's grub bootloader:

./start-qemu.sh -i <guest image file> -b grub

For more advanced configurations, please check the help menu:

./start-qemu.sh -h

Once the TD guest VM is launched, you can verify that it is truly a TD VM by querying cpuinfo from inside the guest. The flags line should contain the tdx_guest flag.

cat /proc/cpuinfo | grep tdx_guest
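The cpuinfo check above, as an added example that is not part of tdx-tools: a small POSIX sh function that requires the tdx_guest flag on every logical CPU and matches it as a whole token rather than as a substring, plus a constructed sample cpuinfo file so the check can be exercised outside a TD. The function and helper names are assumptions; the sample data is constructed, not captured from a real guest.

```shell
#!/bin/sh
# Added example (not from the tdx-tools project): check every "flags" line in a
# cpuinfo file for the tdx_guest token. Path defaults to /proc/cpuinfo so it can
# be run as-is inside a guest, or pointed at a sample file for testing.

# Returns 0 if all CPUs list tdx_guest, 1 if at least one CPU lacks it,
# 2 if the file has no "flags" lines at all (not a Linux cpuinfo layout).
tdx_guest_flag_check() {
    cpuinfo="${1:-/proc/cpuinfo}"
    total=$(grep -c '^flags' "$cpuinfo" || true)
    [ "$total" -gt 0 ] || return 2
    # Whole-token match: "tdx_guest" bounded by whitespace or line ends, so a
    # plain substring such as "tdx_guest" inside another flag name does not count.
    with_flag=$(grep '^flags' "$cpuinfo" \
        | grep -cE '(^|[[:space:]])tdx_guest([[:space:]]|$)' || true)
    [ "$with_flag" -eq "$total" ]
}

# Constructed two-CPU cpuinfo sample. "all" gives both CPUs the flag;
# "partial" omits it on CPU 1 to model an inconsistent report.
make_sample_cpuinfo() {
    f=$(mktemp)
    cpu1_flags="fpu vme de pse tsc msr pae mce apic sep tdx_guest"
    if [ "$1" = "partial" ]; then
        cpu1_flags="fpu vme de pse tsc msr pae mce apic sep"
    fi
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse tsc msr pae mce apic sep tdx_guest\n' > "$f"
    printf 'processor\t: 1\nflags\t\t: %s\n' "$cpu1_flags" >> "$f"
    echo "$f"
}

# Usage inside the guest (no argument reads the real /proc/cpuinfo):
# tdx_guest_flag_check && echo "tdx_guest present on all CPUs"
```

The flag only shows that the guest kernel believes it is running as a TD; it is a quick sanity check, not a substitute for TD report or quote-based attestation.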

License:Apache License 2.0
