Intel TDX 1.5 security review conducted jointly by Intel and Microsoft. Here, they are excited to share Intel and Microsoft’s cooperative security review of Intel Trust Domain Extensions (Intel TDX) version 1.5. Intel is committed to the success and security of its Confidential Computing technology for the benefit of itself, the industry, and consumer trust. Collaborative research like this aids in identifying potential security flaws in these intricate settings before malevolent actors may exploit them.
Prior to the release of Intel TDX 1.5, a security review was conducted that entailed months of architectural, design, and code evaluation. The review was concluded with a collaborative hackathon in which the teams discovered a few vulnerabilities that have all been fixed as well as security flaws that require defense-in-depth adjustments.
In “an instrumental technology helping to achieve our [confidential compute] goals,” Microsoft Principal Security Research Manager Yair Netzer calls Intel TDX. “It’s even more secure now that they’re done,” he said, adding, “and after this hackathon, he very confident with this technology.”
Maxime Villard, one of the Microsoft security researchers working on the project, spoke about two of the problems identified during the assessment today at Black Hat. It is significant to remember that these problems have already been lessened and are of medium severity.
This is just one more fantastic illustration of how Intel’s product security assurance team works to provide the strongest and safest devices possible to help safeguard users’ information.
TDX is Intel Trust Domain Extensions
Confidentiality, integrity, and isolation at the virtual machine (VM) level.
What is TDX from Intel?
The newest technology from Intel for secret computing is called Intel Trust Domain Extensions (Intel TDX 1.5). The deployment of trust domains (TD), which are hardware-isolated virtual machines (VM) intended to safeguard sensitive data and programs from unauthorised access, is made easier by this hardware-based trusted execution environment (TEE).
Intel TDX 1.5 is enabled by a CPU-measured Intel TDX module. This software module facilitates TD entry and exit utilising the current virtualisation infrastructure and operates as a peer virtual machine manager (VMM) in a new CPU Secure Arbitration Mode (SEAM). The SEAM Range Register (SEAMRR) designates the reserved memory area where the module is hosted.
Intel TDX safeguards the integrity and secrecy of the TD CPU state from non-SEAM mode and manages memory via hardware extensions.
Intel TDX 1.5 makes advantage of architectural components like Intel Total Memory Encryption Multi-Key (Intel TME-MK), physical-address-metadata tables, secure Extended Page Tables (EPT), shared bits in Guest Physical Addresses (GPA), and remote attestation.
Because Intel TDX guarantees data integrity, confidentiality, and authenticity, engineers and IT specialists are better equipped to design and manage safe systems, which raises the level of confidence in virtualised environments.
Principal Advantages
The best option for improving security in contexts with virtualisation.
Separation: Your data is protected against unauthorised access and is kept confidential and intact with hardware-level virtual machine isolation.
Keep Information Private:It is forbidden for software that has been altered or unauthorised to load and access private information. For shared apps and cloud service providers (CSPs) or operators, data in memory is opaque.
Honesty: By confirming that hardware and software configurations and rules are as expected, attestation gives the workload owner confidence in the reliability of the server.
Safeguard confidential information and intellectual property (IP)
Usability: By enabling the lift and shift of virtual machines and existing code, you may simplify your process. For a smooth and trouble-free migration, move your apps without making any changes.
Enhanced Efficiency: For quicker reaction times and better overall performance, lessen your dependency on complicated software stacks.
Utilisation Examples: Utilise Intel TDX technology to improve security, privacy, and performance across a range of use scenarios.
IP protection and data security: Defend data and apps against theft, tampering, and attacks.
Compliance and Privacy: Bolster regulatory compliance and data privacy.
Control and Sovereignty of Data: Deny cloud providers or other tenants access. For data governance and sovereignty, add protections.
Secret AI: Protect your AI models and data by ensuring strong confidentiality, integrity, and isolation.
Start Using Intel TDX Now
At the moment, Intel TDX technology is accessible in:
Alibaba Cloud: Construct a secure Intel TDX environment using Alibaba Cloud infrastructure.
Cloud Intel Developer: With the newest Intel processors and performance-optimised software stacks, enjoy optimised deployment settings.
Microsoft Cloud: Use Microsoft Azure, a scalable and adaptable cloud computing platform built for safe and effective operations, to fully use the capabilities of Intel TDX.
Platform Service for Google Cloud: Utilise Intel TDX on this dependable cloud infrastructure, which provides excellent data security and easy connection with your current systems.
Overview
The technical synopsis of the vulnerabilities discovered during Microsoft’s collaborative review is provided in this report and Intel regarding the security of version 1.5 of the Intel Trust Domain Extensions (Intel TDX 1.5). Newest from Intel is TDX.
secure computing technology, a trusted execution environment (TEE) relies on hardware that makes it easier to implement Trust Domains (TD), which are virtual computers with hardware isolation (VM) created to prevent unauthorised access to sensitive data and applications.
Microsoft security researchers worked closely with Intel to complete the study. Approximately four months, including engineers, researchers, and architects. This partnership included of recurring technical talks where Intel quickly responded to any queries or concerns Microsoft researchers. The review was followed by a two-week long on-site hackathon.
- The Intel crew was very responsive and available during the review.
- The majority of Intel’s code base and specification documents were included in the review’s scope.
- TDX, with a focus on the following three recently added features from version 1.5: TD Dividends, TD.
Updating while maintaining TD Live Migration
During the review, 29 attack vectors were examined, resulting in the identification of 6 verified vulnerabilities and fifteen suggestions for enhancing defense-in-depth. Three weaknesses violated the fundamental integrity and confidentiality guarantee made by Intel TDX for visitor-only virtual machines, either by using the entire Intel TDX 1.5 module or by falsifying the guest Trust Domains’ attestation data. take command. The integrity of vintage VMMs on platforms with Intel TDX 1.5 enabled was also affected by this problem.
