Overview
This release adds new features and bug fixes for IntelⓇ Trust Domain Extensions (TDX) on Ubuntu 24.04.
To install this release, you can either do it on a freshly installed 24.04 system or on your existing setup.
TDX Components
- Kernel:
- QEMU:
- Version: 8.2.2
- Updated to 8.2.2 to be in sync with Ubuntu 24.04 mainline QEMU
- Libvirt:
- Version: 10.0.0
- Add support for “Quote-Generation-Service” option
- OVMF/EDK2:
- Version: 2024.02
- Add SecureBoot support for TDs
- Remote attestation components:
- Intel DCAP 1.21 - Refer to upstream source for more details
- Intel Trust Authority Client 1.5.0 - Refer to upstream source for more details
Project Tools and Support
- Change the project license to GPLv3 (#110)
- Remove support for the package tdx-tools
- Move remote attestation packages into a separate PPA to avoid conflicts with Intel’s upstream SGX/DCAP (#158)
- Add system-report.sh script to collect system’s TDX readiness status to help with debugging (#188)
- Minor bug fixes and enhancements for various shell scripts
Known Issues/Current Limitations:
- Nested virtualization is not supported (#200)
- TD doesn't support more than 1 socket/die CPU topology
- Drop of performance if TD’s RAM is not 2M aligned for Transparent Huge Page
- PMU (Performance Monitoring Unit) is currently not supported and it is disabled by default. (#182)
- Graphics support is disabled (graphic and remote access like VNC are all not supported). (#202)
- I/O device pass-through is not fully supported (#137)
- Guest Kexec is currently not supported (#204)