Skip to content

2.0
Compare
Choose a tag to compare
@frenchwr frenchwr released this 10 May 16:25
· 176 commits to noble-24.04 since this release
2.0
4f4ff28
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Overview

This is the release of Intel© Trust Domain Extensions (TDX) with base host, guest, and remote attestation functionalities on Ubuntu 24.04. If you already have an ongoing engagement with Canonical, please reach out to your Canonical contact to confirm whether this is the appropriate version.

Features

  • The host kernel, known as -intel, is based on 6.8 with the TDX v19 KVM patchset. Source link.
  • QEMU version: 8.2.1
  • libvirt version: 10.0.0
  • Supported Ubuntu guests are:
    • Ubuntu 24.04 6.8 linux-generic
    • Ubuntu 24.04 6.8 linux-intel
  • Remote attestation components:
    • Intel DCAP 1.20
    • Intel Trust Authority Client 1.2.0
  • Improved virsh wrapper tool called tdvirsh, which handles the creation of domain XML files and overlay images for TDs.

Test Configuration

  • CPU: Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors
  • TDX Module: TDX_1.5.05.46.698

Known Issues/Limitations

  • Failure to boot TD with console=hvc0 in kernel command line and QEMU cmd -serial stdio. This bug is being tracked here.
  • Transparent Hugepage won’t work if memory configuration of TD guest is not 2M aligned.
  • TD doesn't support more than 1 socket CPU topology.
  • TD with large VCPU and memory configuration takes longer to boot.
  • virtio-net in the TD guest may stop working at some point after bootup if the host enables numad service. This bug is being tracked here.
Assets 2
Loading