Linux Prepares For More Code Sharing Between AMD SEV + Intel TDX

Written by Michael Larabel in Intel on 12 December 2021 at 05:54 AM EST. 4 Comments
INTEL
Coming with future Intel CPUs is Trust Domain Extensions (TDX) to further enhance the security of virtual machines (VMs) and it's sounded a lot like AMD's Secure Encrypted Virtualization (SEV) in many regards and in fact now for the Linux kernel Intel is looking at leveraging some of that SEV code to allow for more code sharing between these CPU features to improve virtualization security.

Over the past year Intel has been working to enable Trust Domain Extensions support under Linux. During summer 2020 they outlined TDX for protecting VMs against some forms of hardware attacks and providing secure-arbitration, leveraging encrypted memory, and other safeguards for "Trusted Domains".


After their whitepaper went public they began volleying TDX Linux patches from the compilers to the kernel that continued through this summer along with related work like "unaccepted memory" support and so TDX KVM guests can't crash the host.

The latest effort and another great example of open-source at work is Intel working to share code with the AMD SEV driver. Currently to make use of some of AMD's existing SEV kernel code. The latest patches are for sharing common features between AMD SEV and Intel TDX. "Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious hosts and some physical attacks. TDX has a lot of similarities to AMD SEV. Features like encryption/decryption and string I/O unroll support can be shared between these two technologies. This patch set adds infrastructure changes required to share the code between AMD SEV and TDX."

Open-source at its finest. Initially it's just shifting around a few hundred lines of code but will hopefully lead to more SEV/TDX code sharing moving forward for common features. The code sharing around such important security features is also great as for having all the more developer eyes looking at that crucial code to hopefully more quickly spot any defects or issues.


Intel hasn't confirmed TDX support for upcoming Xeon "Sapphire Rapids" processors but simply for future processors. Those wishing to learn more about Trust Domain Extensions can see Intel's various TDX developer articles.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week