Ensuring the security of data at run-time has long been an open challenge in computing and a tough problem to solve. The gap arises because data must be decrypted in system memory for processing, even when it is stored encrypted. This exposes it to a broad attack surface: potentially malicious system software, such as a compromised operating system, hypervisor, or firmware, as well as individuals with elevated privileges. Confidential Computing is an industry movement to address this security gap, designed to protect data in use. Intel® Trust Domain Extensions (Intel® TDX) is Intel's latest addition to its confidential computing portfolio.
To make use of these new hardware primitives, the entire software stack needs to be enlightened. To address this, Canonical and Intel have forged a strategic collaboration, enabling customers to always have access to an Intel-optimised Ubuntu build that carries all the latest necessary end-to-end host-to-guest patches, available by…