TDX Module source code including instructions for reproducible build.
- Size: 319.7 KB
- SHA1: 0A45E4370DBAA969F635BEB9262550615B3DD12B
Intel® Trust Domain Extension (TDX) is introducing new, architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software. These hardware-isolated TDs include:
- Secure-Arbitration Mode (SEAM) – an extension to Virtual Machines Extension (VMX) architecture to define a new VMX root mode called SEAM root. This SEAM root mode is used to host a CPU-attested module to create virtual machine (VM) guests called Trust Domains (TD).
- Shared bit in GPA (Guest Physical Address) to help allow TD to access shared memory.
- Secure EPT (Extended Page Table) to help translate private GPA to provide address-translation integrity and to prevent TD-code fetches from shared memory. Encryption and integrity protection of private-memory access using a TD-private key is the goal.
- Physical-address-metadata table (PAMT) to help track page allocation, page initialization, and TLB (Translation Lookaside Buffer) consistency.
- Multi-key, total-memory-encryption (MKTME) engine designed to provide memory encryption using AES-128- XTS.
- Remote attestation designed to provide evidence of TD executing on a genuine, Intel TDX system and its TCB (Trusted Computing Base) version.
For more details, refer https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html under "TDX 1.0 White Papers and Specifications"
The license is in the package.
Product and Performance Information
Intel is in the process of removing non-inclusive language from our current documentation, user interfaces, and code. Please note that retroactive changes are not always possible, and some non-inclusive language may remain in older documentation, user interfaces, and code.