3.0

Overview

This release provides Intel© Trust Domain Extensions (TDX) with base host, guest, and remote attestation functionalities for
Ubuntu.

The new release delivers following major changes:

• Add support for Ubuntu Oracular (24.10) Host OS

• Extend the list of supported guest OS:

  • Ubuntu Oracular 24.10 (kernel: 6.11 linux-generic) 🆕
  • Ubuntu Oracular 24.10 (kernel: 6.11 linux-intel) 🆕
  • Ubuntu Noble 24.04 (kernel: 6.8 linux-generic)

  ❗For that purpose, create-td-image.sh has been modified to allow users to specify the
  guest version for the guest image.

• Attestation & measurements : add boot scripts to do direct boot (+ Unified Kernel Image) and instructions to inspect the boot event log

1. Ubuntu 24.10

⚠️ For the best user experience, it’s not recommended to do an upgrade from Ubuntu 24.04 with TDX. Perform a fresh installation of Ubuntu 24.10 + TDX components instead.

1.1. TDX Components

• Kernel:
  Version: 6.11.0-1003-intel
  Source link.
• QEMU:
  Version: 9.0.2
• Libvirt:
  Version: 10.6.0
• OVMF/EDK2:
  Version: 2024.05
• Remote attestation components:
  • Intel DCAP
    Version: 1.21
  • Intel Trust Authority Client
    Version: 1.6.1

1.2. Test Configurations

• CPU: 4th Gen Intel® Xeon® Scalable Processors
  TDX Module: TDX_1.5.05, build 698
• CPU: 5th Gen Intel® Xeon® Scalable Processors
  TDX Module: TDX_1.5.06, build 744
• CPU: Intel® Xeon® 6 Processors with P-Cores
  TDX Module: TDX_2.0.01, build 785

1.3. Known Issues/Current Limitations

• Nested virtualization is not supported (#200)
• TD guest doesn't support more than 1 socket/die CPU topology
• PMU (Performance Monitoring Unit) is currently not supported and it is disabled by default. (#182)
• Drop of performance if TD guest’s memory is not 2M aligned for Transparent Huge Page.
• Graphics support is disabled (graphic and remote access like VNC are all not supported). (#202)
• I/O device pass-through is not fully supported. (#137)
• Guest Kexec is currently not supported. (#204)
• TD guest with large VCPU and memory configuration takes longer to boot.
• TD guest with more than 255 VCPUs won’t boot.
• Failure to boot TD guest with console=hvc0 in kernel command line and QEMU cmd -serial stdio. This bug is being tracked here.

2. Ubuntu 24.04

None

3. Bugfixes

• libvirt : set ovmf readonly flag to true by @hector-cao in #279

4. Testing

• tests : fix intel trust authority quote generation tests by @hector-cao in #290
• tests : extend ssh connection timeout for test tsc_deadline disable by @hector-cao in #280
• several improvements for tests in Ubuntu 24.10 by @hector-cao in #276

5. Minor improvements

• Update README.md to remove confusion about API Key in Intel Tiber Tru… by @npankaj365 in #274
• Noble 24.04 minor improvements by @hector-cao in #272
• Add correction to echo command in run_td.sh by @TejaswineeL in #277
• add the management of multiple ubuntu releases by @hector-cao in #278
• image : add multi release image generation capability by @hector-cao in #282
• Improve run_td.sh script output by @bktan8 in #284
• Improve Supported Hardware section by @bktan8 in #288
• Update the README for create-td-image.sh by @hector-cao in #287
• Add troubleshooting tips section by @bktan8 in #273
• Add proxy note for MPA registration section by @bktan8 in #293
• Fix formatting issue in MPA registration section by @bktan8 in #294
• Update README.md by @hector-cao in #291

6. New Contributors

• @npankaj365 made their first contribution in #274

Full Changelog: 2.2...3.0