Intel® Trust Domain Extensions (Intel® TDX)
Isolation, confidentiality, and integrity at the virtual machine (VM) level.
What is Intel TDX?
Intel® Trust Domain Extensions (Intel® TDX) is Intel's newest confidential computing technology. This hardware-based trusted execution environment (TEE) facilitates the deployment of trust domains (TD), which are hardware-isolated virtual machines (VM) designed to protect sensitive data and applications from unauthorized access.
A CPU-measured Intel TDX module enables Intel TDX. This software module runs in a new CPU Secure Arbitration Mode (SEAM) as a peer virtual machine manager (VMM), and supports TD entry and exit using the existing virtualization infrastructure. The module is hosted in a reserved memory space identified by the SEAM Range Register (SEAMRR).
Intel TDX uses hardware extensions for managing and encrypting memory and protects both the confidentiality and integrity of the TD CPU state from non-SEAM mode.
Intel TDX uses architectural elements such as SEAM, a shared bit in Guest Physical Address (GPA), secure Extended Page Table (EPT), physical-address-metadata table, Intel® Total Memory Encryption – Multi-Key (Intel® TME-MK), and remote attestation.
Intel TDX ensures data integrity, confidentiality, and authenticity, which empowers engineers and tech professionals to create and maintain secure systems, enhancing trust in virtualized environments.
Key Benefits
The ideal choice to enhance security in virtualized environments.
Isolation
Hardware-level VM isolation for robust data protection against unauthorized access ensures confidentiality and integrity of your data. |
Confidentiality
Unauthorized or altered software is prohibited from loading and accessing confidential data. Data in memory is opaque to cloud service providers (CSP) or operators and shared applications. |
Integrity
Attestation confirms that hardware and software configurations and policies are as expected and provides assurance to the workload owner that the server is trustworthy. |
Protect sensitive data and intellectual property (IP).
Ease of Use
Streamline your workflow by supporting the lift and shift of virtual machines and existing code. Migrate your applications without any modifications for a seamless and trouble-free experience. |
Optimized Performance
Reduce reliance on complex software stacks for faster response times and increased overall performance. |
Use Cases
Employ Intel TDX technology across a variety of use cases to enhance security, privacy, and performance.
Data Security and IP Protection
Protect apps and data from attack, tampering, or theft.
Privacy and Compliance
Strengthen data confidentiality and regulatory compliance.
Data Sovereignty and Control
Prohibit access by cloud providers or other tenants. Add safeguards to data sovereignty and governance.
Confidential AI
Safeguard your AI data and models by providing robust isolation, integrity, and confidentiality.
Get Started with Intel TDX
Intel TDX technology is currently available in:
Alibaba Cloud*
Build an Intel TDX confidential computing environment on Alibaba Cloud* infrastructure. |
Intel® Developer Cloud
Experience optimized deployment environments with the latest Intel processors and performance-optimized software stacks. |
Microsoft Azure*
Harness the power of Intel TDX on Microsoft Azure*, a flexible and scalable cloud computing platform designed for secure and efficient operations. |
Google Cloud*
Use Intel TDX on this robust cloud infrastructure that offers advanced data protection and seamless integration with your existing systems.
|
Explore Intel's Confidential Computing Portfolio
Help secure and isolate your most sensitive data, AI, or model assets with hardware-enhanced memory encryption using Intel’s confidential computing technologies such as:
- Intel® Trust Authority—a zero trust attestation SaaS service
- Intel® Software Guard Extensions (Intel® SGX)—for the smallest trust boundary and software attack surface protection