Determine security ramifications to protect personal data and information
106 Discussions

Intel – Google TDX Security Review

0 0 6,231

Hi everyone!

In the Intel 2022 Product Security Report, we highlight many of the investments Intel makes in product security assurance. Much of those activities happen during product development and in today’s episode of Chips & Salsa, we talk to folks from Intel and Google who collaborated on a security review of Intel Trust Domain Extensions, or Intel® TDX, before this new technology shipped in 4th generation Intel® Xeon® processors, codenamed Sapphire Rapids. 

Intel Trust Domain Extensions (Intel TDX) is introducing new, architectural elements to deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.

VM isolation with Intel TDX is a key component of Intel’s Confidential Computing portfolio, which also includes application isolation with Intel SGX and trust verification with our upcoming service code-named Project Amber. Confidential Computing uses hardware to protect data in-use from a wide variety of threats and enables organizations to activate sensitive or regulated data that may have otherwise been locked down and idle.

To prepare the product for prime time after Intel TDX went through our rigorous SDL process, we put Intel TDX through an exhaustive three-part test:

  • In our first-ever pre-release activity, we also took Intel TDX through Project Circuit Breaker, part of Intel's Bug Bounty, where we challenged a community of elite hackers to find bugs in some of our top technologies. Using simulation software, the community went through two rounds of bug hunting over several months, earning bounties to help us find potential vulnerabilities so we could mitigate them
  • We then took it to security experts at Google Cloud and Google Project Zero to conduct a deep security review. They looked for security weaknesses while evaluating the expected threat model for any limitations that would inform Google’s decisions. The 9-month collaboration resulted in 10 security issues and 5 defense-in-depth changes that were mitigated.

“Overall, the security review was a great success. Our primary goal was to provide assurances that the Intel TDX feature is secure, has no obvious defects, and works as expected. This is what we were after, and this is what we achieved. Together, we made this better, harder to penetrate and break, for the benefit of all our users,” said Andrés Lagar-Cavilla, principal engineer, Google Cloud.

  • Intel offensive researchers also spent considerable time reviewing the product. Their job is to apply an attacker mindset to evaluate security technologies. They were able to find and mitigate potential vulnerabilities like the use of memory disturbance errors. Threat modeling, penetration testing, and hackathons were all applied during the research.

We have listened to our customers and invested in best practices for thorough security testing of this product before release. This might be one of our most Intel TDX is hardened with mitigations from findings across all research approaches.  Learn more about the security review and the Google Cloud and Google Project Zero research results by watching the video below:


More information:

Read the Google technical paper here.

Read the Google Cloud blog here.

Read the Google Project Zero Blog here.

Read the Intel technical paper here.


Thanks to everyone involved in these security reviews!

Jerry Bryant

Sr. Director of Security Communications

Intel Product Assurance and Security