Intel TDX: understanding the core of Confidential Computing

by Sandrine | Feb 6, 2024 | Cryptography, Engineering, Security
Intel, an active player in the field of Confidential Computing, has been at the forefront of innovations since introducing Software Guard Extensions (SGX) in 2013 – followed by AMD in 2016. With the unveiling of the Intel Trusted Domain Extensions (TDX) in 2022, the tech community finds itself eager to understand the nuances distinguishing TDX from its predecessor, SGX.

What exactly is TDX, and how does it interface with Intel’s Software Guard Extensions (SGX)? Moreover, how can companies like Cosmian support users in harnessing the potential of these technologies? Dive in to discover.

What is Intel TDX and How Does it Complement Intel SGX?

Intel TDX is Intel’s newest brainchild in confidential computing technology. At its core, it’s a hardware-based trusted execution environment (TEE) designed to facilitate the deployment of trust domains (TD). TDs are essentially hardware-isolated virtual machines (VM) developed to shield sensitive data and applications from unauthorized breaches.

Akin to a virtual guardian, Intel TDX employs a CPU-measured module that operates in the newly introduced CPU Secure Arbitration Mode (SEAM). This mode functions alongside a virtual machine manager (VMM) and is pivotal in supporting TD entry and exit operations. Additionally, Intel TDX incorporates a plethora of architectural elements such as SEAM, secure Extended Page Table (EPT), and Intel® Total Memory Encryption – Multi-Key (Intel® TME-MK) to ensure the sanctity of data​​.

While Intel SGX focuses on creating isolated enclaves in memory to run applications securely, Intel TDX takes a broader approach. It provides isolation, confidentiality, and integrity at the VM level, ensuring that not only the data but also the VM’s state remains confidential and untampered.

Both Intel SGX and TDX champion the cause of confidential computing, yet they are distinct in several fundamental ways:

  • Nature of Environment: While SGX is process-based, TDX is rooted in virtualization, offering a broader confidential computing environment.
  • Legacy Application Deployment: SGX’s programming model often necessitated alterations to legacy applications. In contrast, TDX allows effortless deployment of such applications without any notable performance or memory constraints.
  • Isolation Mechanism: TDX provides superior isolation by operating in the new SEAM processor mode, a feature absent in SGX.

How Cosmian Helps Customers Leverage These Technologies?

Intel TDX offers unparalleled security, ensuring that sensitive data and applications remain shielded from unauthorized access. This protection has opened up a myriad of opportunities for businesses. Imagine a financial institution that can perform confidential transactions without ever exposing sensitive customer data. Or a healthcare provider running complex algorithms on patient data without compromising confidentiality. From supply chain optimizations, where multiple parties collaborate without revealing proprietary data, to confidential AI where machine learning models are protected, the possibilities are vast and transformative.

While Intel TDX offers a robust hardware-based foundation for confidential computing, making the most of it isn’t just a plug-and-play affair. It requires a sophisticated software stack that complements its hardware capabilities. Without the right software infrastructure, businesses can’t fully harness the potential of TDX. They need tools to manage memory encryption, handle TD entry and exit points, and ensure data integrity. Furthermore, maintaining performance and security can be a challenge without the right software.

This is where Cosmian steps in. Our open-sourced solutions are meticulously designed to bridge the gap between Intel TDX’s raw potential and real-world applications. We provide tools that facilitate easy transition and integration of TDX into existing systems. Whether you’re migrating legacy applications or developing new ones, our platform ensures a seamless experience. We handle the behind-the-scenes complexities, letting businesses focus on what they do best.

Trying Out with Cosmian’s Open-sourced GitHub Project

For those intrigued by the prospects of Intel TDX and eager to experiment, Cosmian has got you covered. Their open-sourced GitHub project is an excellent starting point. The project is designed to be user-friendly, allowing even those new to the realm of confidential computing to dive in without hesitation.

Cosmian’s solution can be installed into an on-premises setup. And our platform seamlessly integrates with major cloud providers. Whether you’re an AWS aficionado, a GCP enthusiast, or have your assets on Azure, Cosmian ensures that you can leverage Intel TDX’s capabilities without a hitch – at least when the products will be in “general availability”, so be sure to keep an eye on future announcements! This flexibility underscores our commitment to ensuring that businesses, irrespective of their infrastructure choices, can effortlessly harness the power of confidential computing.

In conclusion, Intel TDX, with its state-of-the-art features, presents a monumental leap in confidential computing. And with companies like Cosmian at the helm, leveraging its potential has never been easier. Whether you’re a seasoned developer or a business owner, the future of secure computing beckons. Don’t miss out!

Start securing your data today

We’re with you every step of the way as your trusted partner in encryption. 

Complete the form below to book a demo and one of our experts will be in touch.

Our latest news

— There are no limits

Find us on
the Marketplaces

Regain control now on your data and applications in the cloud, subscribe to our cloud marketplaces offering on AWS, Azure and Google Cloud.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies by clicking below or at any time by consulting our Privacy Policy.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

This opt out feature requires JavaScript.