Intel® Trust Domain Extension (Intel® TDX) Module

738875
6/22/2023

Introduction

TDX Module source code including instructions for reproducible build. Latest release versions available on Github, reference link below.

Available Downloads

  • Size: 566.7 KB
  • SHA1: 5A5B27ACC41A97234423FD9AA6CB353F11CBB2E4

Detailed Description

Intel TDX Module Source Code

Current Release Versions (from 1.5.x) Available on GitHub* 

Intel® Trust Domain Extension (TDX) is introducing new, architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software. These hardware-isolated TDs include:

  1. Secure-Arbitration Mode (SEAM) – an extension to Virtual Machines Extension (VMX) architecture to define a new VMX root mode called SEAM root. This SEAM root mode is used to host a CPU-attested module to create virtual machine (VM) guests called Trust Domains (TD).
  2. Shared bit in GPA (Guest Physical Address) to help allow TD to access shared memory.
  3. Secure EPT (Extended Page Table) to help translate private GPA to provide address-translation integrity and to prevent TD-code fetches from shared memory. Encryption and integrity protection of private-memory access using a TD-private key is the goal.
  4. Physical-address-metadata table (PAMT) to help track page allocation, page initialization, and TLB (Translation Lookaside Buffer) consistency.
  5. Multi-key, total-memory-encryption (MKTME) engine designed to provide memory encryption using AES-128- XTS.
  6. Remote attestation designed to provide evidence of TD executing on a genuine, Intel TDX system and its TCB (Trusted Computing Base) version.

For more details, refer https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html under "TDX 1.0 White Papers and Specifications"

The license is in the package.