Nagaraju N Kodalapura (Raju), INT31
Confidential computing is transforming how workloads are executed in multi-tenant and cloud environments by safeguarding data even from high-privilege software like the host hypervisor. With the rapid adoption of confidential computing, securing workloads against powerful adversaries—ranging from malicious insiders to compromised hypervisors—has become critical.
Intel® Trust Domain Extensions (Intel® TDX) is one of the pioneering technologies driving this shift. Intel TDX aims to address this by offering a new model of execution: Confidential Virtual Machines (CVMs), also known as Trust Domains (TDs), where workloads run in isolated environments.
This blog explores the architecture of Intel TDX and its key security objectives. This is followed by an overview of security assurance practices at Intel and how the INT31 team applied Offensive Security Research techniques and methods to further strengthen the security objectives and threat model of Intel TDX. The blog refers to security research done over the last couple of years; detailed references are provided under the “References” section at the end of the blog.
Introduction to Intel TDX
One of the primary objectives of Intel TDX is enabling secure execution of sensitive workloads, which are isolated even from privileged host software. Looking ahead, the next-generation Intel TDX Connect aims to support Confidential AI by securely connecting external devices like GPUs and AI accelerators to TDs. This will allow machine learning and inference workloads to benefit from the same level of confidentiality guarantees that a TD offers.
Intel TDX technology introduces a combination of hardware and firmware innovations, creating a boundary of trust around guest VMs even in the presence of potentially compromised host software.
Architecture Overview
At a high level, Intel TDX introduces three foundational components:
- CPU as Hardware Root of Trust: A new mode called Secure Arbitration Mode (SEAM) enforces isolation between TDs and other software layers.
- Firmware Components: Act as an interface bridging hardware and higher software layers.
- Intel TDX Module: An Intel-signed runtime software extension to the Host Hypervisor or Virtual Machine Monitor (VMM) that provides strong isolation between TDs, and between TDs and the host.
This layered design ensures that trust domains are shielded from untrusted entities such as start-up code, Host Hypervisor, and more.
Key Security Objectives of Intel TDX:
- Confidentiality and Integrity protections to Trust Domain
- SEAM, a new Intel x86 CPU Mode to support Intel TDX
- Per-domain memory integrity
- Mitigations against Software replay attacks on TDs
- Protection against modification, relocation and cross-domain corruption by software
- Protection against simple physical attacks such as memory probing, DIMM swapping, etc.
- Protection to the Intel TDX module and the execution flow
More details on the Intel TDX architecture are available at Intel TDX.
Intel TDX Roadmap Summary
- Intel TDX has been developed and deployed in phases, each aligned with the corresponding server Intel® Xeon® processor family CPU roadmap. Below are the key technology features of each phase:
- 1.0: Base technology
- 1.5: Incorporating the following key features
- TD Live Migration
- TD Partitioning
- TD Preserved Update, etc.
- 2.0: Intel TDX Connect
- Provides capability to securely assign Intel TDX-capable devices such as GPU, AI Accelerators to TDs
The following sections describe security research efforts and results on various features of Intel TDX 1.0 and Intel TDX 1.5.
Security Assurance Practices at Intel
Security assurance: The U.S. National Institute of Standards and Technology (NIST) defines security assurance as a “measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediate and enforce the security policy.”
This blog refers to security assurance as the discipline of identifying and mitigating vulnerabilities early in the product lifecycle—before the products ship. Intel follows a rigorous Security Development Lifecycle (SDL) that applies to hardware, firmware, and software components of a product.
SDL at Intel spans six phases:
Intel TDX 1.0 SDL Activities Summary
Key Tasks
- Security Architecture and Threat Model Review
- Design review of Intel TDX ingredients at hardware IP and CPU Core
- Security code and architecture review of firmware and software ingredients
- Penetration and targeted testing
- Provide ongoing security consultation to internal business partners
At each stage, Intel performs security assurance activities. It is important to note that since the TDX technology comprises hardware, firmware and software components, the SDL activities span all three components, making the security assurance of the technology holistic.
Intel’s Offensive Security Research (OSR) Approach
One of the primary objectives of the INT31 team is to evaluate Intel security technologies and products by applying an “outside in” approach with an attacker or hacker mindset and thereby complement the conventional security assurance and validation practices at Intel. The same strategy has been applied to Intel TDX security research.
Key areas of focus include:
Security architecture reviews and Threat Modeling
The objective of this research activity is to engage early with product architecture teams, ranging from hardware architecture to server platform architecture teams, and evaluate the security architecture definition by reviewing security architecture claims, identifying gaps, if any, and driving them to closure well before the design phase.
This approach helped address many architectural gaps in Intel TDX 1.0 and resolve multiple issues that were categorized as Gating Product Release (GPR). The team also plays a key role in reviewing and enhancing the threat model definitions so that larger security validation teams could benefit from them. In addition, the INT31 team played a key role in defining and delivering the Platform Security Threat Model (PSTM), which consists of a set of platform level threats targeting Intel TDX, in collaboration with the platform architecture team.
Vulnerability research
Intel TDX as a technology depends on multiple hardware, firmware, software and platform extensions. The key focus of this research area is to evaluate each of these components for potential security vulnerabilities through design/code review and penetration testing activities.
Emerging threat analysis and Driving Mitigations
The objective of this research activity is to understand some of the emerging threats by referring to both internal and external research collateral and evaluate the applicability of those findings to Intel products and technologies. On finding such relevant topics, the INT31 team develops Proof of Concept exploits to demonstrate the risk that may be associated with Intel products.
The activity includes not only demonstrating such attacks but also working with product teams to mitigate such issues. Intel TDX security research resulted in several interesting, business-critical security vulnerabilities in the early stages of TDX development and resulted in timely mitigations as well.
Platform-level penetration testing
Intel TDX is a data-centric platform security technology that co-exists with other security technologies such as MKTME, SGX-TEM, etc. The objective of this research is to identify high-risk areas of focus at the platform level and assess the behavior of a TD in the presence of hostile platform components.
The platform-level penetration testing effort involved reproducing the cloud setup with Production/Locked Server CPUs and used Production Keys (TD keys) for testing. This activity helped the teams uncover and mitigate issues at the platform level and confirm the security aspects of Intel TDX in a production environment.
Hackathons
Hackathon (HaT) is another security assurance methodology at Intel where we bring product and security experts together with the sole purpose of finding security vulnerabilities within the product through all means available to complement the structured security evaluation process implemented in the SDL.
The INT31 team conducted five hackathons, focusing on the areas of MCHECK, Intel TDX Module, SEAM Loader, the Linux software stack, and Intel TDX end-to-end flows at the platform level. The effort resulted in uncovering 76 vulnerabilities and 12 architectural recommendations, which have been mitigated in 4th Generation Intel Xeon processors code named Sapphire Rapids and later.
The following subsections provide brief summaries of each hackathon.
*SPR: 4th Gen Intel® Xeon® Scalable CPU (formerly codename Sapphire Rapids)
Please refer to this page for detailed security research results under each of the above focus areas: Intel Offensive Security Research Overview.
Case Studies: Noteworthy Research Outcomes
1. TDX-Step Attack
- Inspired by SGX-Step, a previously reported attack on Intel SGX.
- INT31 researchers evaluated its feasibility on Intel TDX during architecture definition.
- Result: Attack proved possible.
- Mitigation: Developed and integrated into the Intel TDX Module, available on GitHub for public audit.
2. BadRAM Mitigations
- BadRAM demonstrated memory aliasing attacks against trusted execution environments.
- INT31 had been researching memory aliasing for years, contributing detection and prevention mechanisms.
- Outcome: Both Intel® Software Guard Extensions (Intel® SGX) and Intel TDX are not vulnerable to memory aliasing attacks during boot.
These outcomes highlight how offensive research directly shapes and hardens Intel’s confidential computing roadmap.
Collaboration with Industry Partners
One of the primary objectives of this collaborative activity with the industry partners is to ensure that the threats are identified earlier, mitigations are shared faster so that the entire industry benefits.
Security in confidential computing benefits greatly from open research. The INT31 team has led multi-month collaborative projects with Google, Microsoft, and other partners:
- Joint security reviews with Google on Intel TDX versions
- A joint security research report on Intel TDX 1.0 can be found at Google TDX Security Review Report
- A joint security research report on Intel TDX 1.5 can be found at Joint Intel-Microsoft Security Review on TDX 1.5
- Additional joint security research results including external publication are found at External Collaboration
Note: Recently we concluded a 5-month collaborative research effort with the Google Team on Intel TDX 1.5 features, namely “TD Migration.” A full-length report from this activity will be published in Q1 2026.
Looking Forward: Confidential AI, AI for security and Beyond
With Intel TDX Connect, confidential computing will extend to AI accelerators and GPUs, making it possible to offer Confidential AI. This will protect sensitive training and inference workloads while preserving performance and scalability. Offensive security research will continue to play a pivotal role in securing these next-gen use cases, especially as AI workloads introduce new attack surfaces. We’re also working on leveraging AI tools and Formal Verification techniques to further strengthen the security posture of Intel TDX.
Conclusion
Intel TDX exemplifies how hardware innovation, layered architecture, and offensive security research converge to deliver a trustworthy foundation for confidential computing. By applying SDL practices, complementing them with INT31-led vulnerability research, and collaborating with industry leaders, Intel is pushing the boundaries of what’s possible in secure workload execution.
Intel TDX represents a paradigm shift in confidential computing, and securing such foundational technology demands a proactive and adversarial approach. By combining SDL with Offensive Security Research, Intel helps ensure that Intel TDX evolves resiliently against modern attack surfaces.
As the ecosystem embraces confidential AI and confidential VMs, the lessons from Intel’s OSR methodology—continuous testing, industry collaboration, and proactive mitigation—will set the benchmark for future confidential computing platforms.
Acknowledgement
The content presented in this blog is the result of collaborative research efforts among the INT31 researchers namely Nagaraju (author of the blog), Fahimeh Rezaei, Nam Nguyen N and Hareesh Khattri and the participants from multiple hackathons. I would like to extend my gratitude to all research collaborators, Intel TDX architecture, design and validation teams as well as my management and mentors who have been supporting us in driving the multi-year security research journey with various Intel teams and external partners.
Share Your Feedback
We want to hear from you. Send comments, questions, and feedback to the INT31 team.
About the Author
Nagaraju N Kodalapura (Raju) is a Principal Engineer, Offensive Security Research, at Intel Corporation with 25+ years of experience in the semiconductor industry and 15+ years of experience in the security research space. He received his M.S. degree in Digital Design and Embedded Systems from Manipal University, India. He holds 5 granted Intel patents and is an IEEE Senior Member with multiple security research publications at IEEE SPACE, Black Hat, and other renowned venues. He leads a team of offensive security researchers focusing on Confidential Computing, Confidential AI and Virtualization technologies.
References
https://cdrdv2-public.intel.com/757426/sdl-2020-whitepaper.pdf
https://www.intel.com/content/www/us/en/security/product-security-assurance.html
Intel TDX Security Research Report
Google TDX Security Review Report
Joint Intel-Microsoft Security Review on TDX 1.5
Chips and Salsa discussions between Intel and Microsoft researchers
Improving Side-Channel Protections for Intel TDX – Black Hat EU 2024 – Intel Researchers
Confidential Computing Summit 2025 – Intel OSR approach on TDX security assurance