- 1. Introduction
- 2. Report an Issue
- 3. Supported Hardware
- 4. Setup TDX Host
- 5. Setup TD Guest
- 6. Boot TD Guest
- 7. Verify TD Guest
- 8. Setup Remote Attestation on Host and TD Guest
- 9. Perform Attestation
- 10. Build Packages From Source
- 11. Additional Sanity and Functional Test Cases
Intel® TDX is a confidential computing technology which deploys hardware-isolated, Virtual Machines (VMs) called Trust Domains (TDs). It protects TD VMs from a broad range of software attacks by isolating them from the Virtual-Machine Manager (VMM), hypervisor and other non-TD software on the host platform. As a result, it enhances a platform user’s control of data security and IP protection. Also, it enhances the Cloud Service Providers’ (CSP) ability to provide managed cloud services without exposing tenant data to adversaries. For more information, see the Intel TDX overview.
This tech preview of TDX on Ubuntu 23.10 provides base host and guest functionalities. Follow these instructions to setup the TDX host, create a TD guest, and boot it.
Please submit an issue here and we'll get back to you ASAP.
This release supports 4th Generation Intel® Xeon® Scalable Processors with Intel® TDX and all 5th Generation Intel® Xeon® Scalable Processors.
In this section, you will install a generic Ubuntu 23.10 server, install necessary packages to turn the host into a TDX host, and enable TDX settings in the BIOS.
- Download and install Ubuntu 23.10 server on the host machine.
NOTE: Although rare, the installer may hang during its bootup on some systems, which is caused by a kernel graphics driver issue. The workaround is to add the nomodeset parameter to the kernel command-line. Follow these steps:
- At the
GRUBboot menu, presse - Add
nomodesetto linux line, like the example below:
linux /casper/vmlinuz nomodeset ---- Press
Ctrl-xto continue the boot process - After installation is complete, reboot, use
nomodesetagain, like the example below:
linux /boot/vmlinuz-6.5.0-10-generic nomodeset root=UUID=c5605a23-05ae-4d9d-b65f-e47ba48b7560 ro- Step #3 below will automatically add
nomodesetto the GRUB config so that no additional intervention is needed
-
Download this repository by downloading an asset file from the releases page on GitHub or by cloning it at the appropriate tag.
-
Run the script.
NOTE: If you're behind a proxy, use sudo -E to preserve user environment.
cd tdx
sudo ./setup-tdx-host.sh- Reboot.
- Go into the host's BIOS.
NOTE: The following is a sample BIOS configuration. It may vary slightly from one manufacturer to another.
-
Go to
Socket Configuration > Processor Configuration > TME, TME-MT, TDX.* Set `Memory Encryption (TME)` to `Enabled` * Set `Total Memory Encryption Bypass` to `Enabled` (Optional: for best host and non-TDVM performance.) * Set `Total Memory Encryption Multi-Tenant (TME-MT)` to `Enabled` * Set `TME-MT memory integrity` to `Disabled` * Set `Trust Domain Extension (TDX)` to `Enabled` * Set `TDX Secure Arbitration Mode Loader (SEAM Loader)` to `Enabled`. (NOTE: This allows loading SEAMLDR and TDX module from the ESP or BIOS.) * Set `TME-MT/TDX key split` to a non-zero value -
Go to
Socket Configuration > Processor Configuration > Software Guard Extension (SGX).* Set `SW Guard Extensions (SGX)` to `Enabled` -
Save the BIOS settings and boot up.
- Verify that TDX is enabled using the
dmesgcommand.
sudo dmesg | grep -i tdxAn example output:
...
[ 5.300843] tdx: BIOS enabled: private KeyID range [16, 32)
[ 15.960876] tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20230323, build_num 481
[ 15.960879] tdx: CMR: [0x100000, 0x77800000)
[ 15.960881] tdx: CMR: [0x100000000, 0x407a000000)
[ 15.960882] tdx: CMR: [0x4080000000, 0x807c000000)
[ 15.960883] tdx: CMR: [0x8080000000, 0xc07c000000)
[ 15.960884] tdx: CMR: [0xc080000000, 0x1007c000000)
[ 18.149996] tdx: 4202516 KBs allocated for PAMT.
[ 18.150000] tdx: module initialized.
...
In this section, you will create an Ubuntu 23.10-based TD guest from scratch or convert an existing non-TD guest into one. This can be performed on any Ubuntu 22.04 or newer system and a TDX-specific environment is not required.
The base image is an Ubuntu 23.10 cloud image ubuntu-23.10-server-cloudimg-amd64.img. You can be customized your preferences by setting these two environment variables before running the script:
export OFFICIAL_UBUNTU_IMAGE="https://cloud-images.ubuntu.com/releases/mantic/release/"
export CLOUD_IMG="ubuntu-23.10-server-cloudimg-amd64.img"- Generate a TD guest image.
NOTE: If you're behind a proxy, usesudo -Eto preserve user environment.
cd tdx/guest-tools/image/
sudo ./create-td-image.shThe produced TD guest image is tdx-guest-ubuntu-23.10.qcow2.
The root password is set to 123456.
If you have an existing Ubuntu 23.10 non-TD guest, you can enable the TDX feature by following these steps.
-
Boot up your guest.
-
Download this repository by downloading an asset file from the releases page on GitHub or by cloning it at the appropriate tag.
-
Run the script.
cd tdx
sudo ./setup-tdx-guest.sh- Shutdown the guest.
Now that you have a TD guest image, let’s boot it. There are two ways to boot it:
- Boot using QEMU
- Boot using virsh
NOTE: the virsh method supports running multiple TDs simultaneously, while the QEMU method supports running only a single instance.
- Boot TD Guest with the provided script.
NOTE: It is recommended that you run the script as a non-root user. To do this, add the current user to the kvm group:
sudo usermod -aG kvm $USERClose the current shell and open a new one to apply this group settings.
cd tdx/guest-tools
TD_IMG=<path_to_td_qcow2_image> ./run_td.shAn example output:
TD VM, PID: 111924, SSH : ssh -p 10022 root@localhost- Configure the libvirt.
NOTE: It is recommended that you run virsh as a non-root user. To do that, please apply these settings to /etc/libvirt/qemu.conf.
user = <your_user_name>
group = <your_group>
dynamic_ownership = 0- Restart the
libvirtdservice
systemctl restart libvirtd- Boot TD guest with libvirt
cd tdx/guest-tools
./td_virsh_tool.shIf you are running the script outside the tdx/guest-tools directory, you should set the
shell variables TD_IMG and/or XML_TEMPLATE to specifiy the paths to the base .qcow2 image
and the libvirt guest XML template file, respectively. For example:
TD_IMG=/tmp/myimage.qcow2 XML_TEMPLATE=../myguest.xml ./td_virsh_tool.shNote that td_virsh_tool.sh also supports running multiple TDs simultaneously. This can
be accomplished either by running the script multiple times or by passing the -n N command
line option (where N is the number of instances you wish to launch). td_virsh_tool.sh
also accepts a -c D option (where D is either the domain name or "all" for all domains)
for destroying and cleaning up unwanted TDs.
# launch two TDs
./td_virsh_tool.sh -n 2
# clean/destroy td_guest-1 domain
./td_virsh_tool.sh -c td_guest-1
# clean/destroy all domains containing "td_guest" in name
./td_virsh_tool.sh -c all- Log into the guest.
NOTE: The example below uses the credentials for a TD guest created from scratch. If you converted your own guest, please use your original credentials.
Also note that if you booted your guest with td_virsh_tool.sh that you will likely need
a different port number from the one below. The tool will print the appropriate port to use
after it has successfully booted the TD.
# From localhost
ssh -p 10022 root@localhost
# From remote host
ssh -p 10022 root@<host_ip>- Verify TDX is enabled in the guest.
dmesg | grep -i tdxAn example output:
[ 0.000000] tdx: Guest detected
[ 0.000000] DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2023.05-2+tdx1.0~ubuntu23.10.1 10/17/2023
[ 0.395218] process: using TDX aware idle routine
[ 0.395218] Memory Encryption Features active: Intel TDX
- Verify the
tdx_guestdevice exists.
ls /dev/tdx_guestAn example output:
/dev/tdx_guest
Attestation is a process in which the attester requests the verifier (Intel Trust Authority Service) to confirm that it is operating in a secure and trusted environment. This process involves the attester generating a "quote", which contains trusted execution environment (TEE) measurements and other cryptographic evidence. The quote is sent to the verifier who then confirms its validity against reference values and policies. If confirmed, the verifier returns an attestation token. The attester can then send the token to a reply party who will validate it. For more on the basics of attestation, see Attestation overview.
For attestation to work, you need Production hardware. Run this script to verify.
cd tdx/attestation
sudo ./check-production.sh- Install the required DCAP packages on the host.
NOTE: If you're behind a proxy, use sudo -E to preserve user environment.
cd tdx/attestation
sudo ./setup-attestation-host.shReboot the system and verify that sgx devices have proper user and group.
$ ls -l /dev/sgx_*
crw-rw-rw- 1 root sgx 10, 125 Apr 3 21:14 /dev/sgx_enclave
crw-rw---- 1 root sgx_prv 10, 126 Apr 3 21:14 /dev/sgx_provision
crw-rw---- 1 root sgx 10, 124 Apr 3 21:14 /dev/sgx_vepc- Verify the QGS service is running properly.
sudo systemctl status qgsd- Verify the PCCS service is running properly.
sudo systemctl status pccs-
Obtain an Intel PCS API key. This is needed to configure the PCCS service in the next step. Specifically, you should subscribe to the Provisioning Certification Service.
-
Configure the PCCS service.
sudo /usr/bin/pccs-configureAn example configuration you can use:
Checking nodejs version ...
nodejs is installed, continue...
Checking cracklib-runtime ...
Set HTTPS listening port [8081] (1024-65535) :
Set the PCCS service to accept local connections only? [Y] (Y/N) :
Set your Intel PCS API key (Press ENTER to skip) : <Enter your Intel PCS API key here>
You didn't set Intel PCS API key. You can set it later in config/default.json.
Choose caching fill method : [LAZY] (LAZY/OFFLINE/REQ) :
Set PCCS server administrator password: <PCCS-ADMIN-PASSWORD>
Re-enter administrator password: <PCCS-ADMIN-PASSWORD>
Set PCCS server user password: <PCCS-SERVER-USER-PASSWORD>
Re-enter user password: <PCCS-SERVER-USER-PASSWORD>
Do you want to generate insecure HTTPS key and cert for PCCS service? [Y] (Y/N) :N
- Restart the PCCS service.
sudo systemctl restart pccs- Verify the PCCS service is running properly.
sudo systemctl status pccs- Register the platform.
sudo PCKIDRetrievalTool -f retrieval_result.csv -url https://localhost:8081 -user_token <PCCS-SERVER-USER-PASSWORD> -use_secure_cert falseAn example output of successful registration:
Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.18.100.1
Registration status has been set to completed status.
the data has been sent to cache server successfully and retrieval_result.csv has been generated successfully!
An example output of failed registration:
Error: unexpected error occurred while sending data to cache server.
retrieval_result.csv has been generated successfully, however the data couldn't be sent to cache server!
If the failure occurred, you must boot into the BIOS and perform SGX Factory Reset (go to Socket Configuration > Processor Configuration) and execute the registration process again.
Setup Intel Trust Authority (ITA) Client on Guest
-
Boot a TD guest and connect to it.
-
Clone this repo.
git clone https://github.com/canonical/tdx.git- Install the ITA client.
cd tdx/attestation
./setup-attestation-guest.sh- Verify the ITA client version.
trustauthority-cli versionAn example output:
Intel® Trust Authority CLI for TDX
Version: 1.0.1-
Build Date: 2023-10-20T09:45:41+00:00
- Inside the TD guest, generate a sample TD quote to prove the quote generation service is working properly.
cd /usr/share/doc/libtdx-attest-dev/examples/
./test_tdx_attestAn example output of a successful quote generation:
TDX report data
00000000: 1a d0 79 02 45 df 7e 77 2b 9f a2 43 8c 69 4f 8a
00000010: f3 0b 53 44 01 87 15 e1 44 1b 27 f1 c0 eb 14 da
00000020: bb 8d dd 00 6c 5b 78 97 fa 1a da 86 83 2a 10 76
00000030: 35 63 bb 36 ea d0 17 2f eb 3e 20 ab 2a 34 86 e5
TDX report
00000000: 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 06 06 16 18 03 ff 00 04 00 00 00 00 00 00 00 00
00000020: ae ef a8 61 f5 b5 f0 4f b5 ad 95 8c 1b ae f7 5f
00000030: 2c 05 e0 e1 5e cd 5f 87 96 85 0a 10 cf ca a7 58
....
....
Successfully get the TD Quote
Wrote TD Quote to quote.dat
[../tdx_attest.c:537] Inappropriate ioctl for device
Failed to extend rtmr[2]
[../tdx_attest.c:537] Inappropriate ioctl for device
Failed to extend rtmr[3]
NOTE: You can ignore the Failed to extend rtmr messages.
You should also find a quote.dat file generated.
-
Next step is to attest with the Intel Trust Authority service. For this, you will need to subscribe and obtain an API key. See this tutorial for how to create a key.
-
Once you have an API key, create a config.json like the example below:
{
"trustauthority_url": "https://portal.trustauthority.intel.com"
"trustauthority_api_url": "https://api.trustauthority.intel.com",
"trustauthority_api_key": "djE6ZWQ1ZDU2MGEtZDcyMi00ODBmLWJkMGYtMTc3OTNjNjM2ZGY5Onc0cHM3QXV4RDE3U0dHOFZUcjNLQzYyTXpkQXhVNDlVNWtDN3JwVzI="
}
- Finally, attest with the Intel Trust Authority service.
trustauthority-cli token -c config.jsonAn example of a successful attestation:
2024/03/19 23:59:09 [DEBUG] GET https://api.trustauthority.intel.com/appraisal/v1/nonce
Get the vsock port number [4050]
Reply message body is 5030 bytes
2024/03/19 23:59:13 [DEBUG] POST https://api.trustauthority.intel.com/appraisal/v1/attest
Trace Id: U5sA2GNVoAMEPkQ=
eyJhbGciOiJQUzM4NCIsImprdSI6Imh0dHBzOi8vYW1iZXItdGVzdDEtdXNlcjEucHJvamVjdC1hbWJlci1zbWFzLmN
.....
.....
.....
DRctLIeN4MioXztymyK7qsT1p7n7Dh56-HmDQH47MVgrEL_S-wRYDQioEkUvtuA_3pGk
Despite the fact that TDX components live in a separate PPA from the rest of the Ubuntu packages, they follow the Ubuntu standards and offer users the same facilities for code source access and building.
You can find generic instructions on how to build a package from source here: https://wiki.debian.org/BuildingTutorial
Here are the example intructions for building qemu (for normal user with sudo rights):
- Install Ubuntu 23.10
You can install Ubuntu 23.10 or use an existing Ubuntu 23.10 system.
- Install components for build:
sudo apt update
sudo apt install --no-install-recommends --yes software-properties-common \
build-essential \
fakeroot \
devscripts \
wget \
git \
equivs \
liblz4-tool \
sudo \
unzip \
curl \
xz-utils \
cpio \
gawk- Download package's source
sudo add-apt-repository -s ppa:kobuk-team/tdx-release
apt source qemuThis command will create several files and a folder, the folder is the qemu source code.
- Rebuild
cd <qemu-source-code>
sudo apt build-dep ./
debuild -us -uc -bThe resulting debian packages are available in the parent folder.
- Install the packages
You can refer to https://wiki.debian.org/BuildingTutorial#Installing_and_testing_the_modified_package
The core idea of building a package from source code is to be able to edit the source code. The instructions can be found at https://wiki.debian.org/BuildingTutorial#Edit_the_source_code
If you're interested in doing additional sanity and functional testing of TDX, see this wiki.