
Canonical And Intel’s Strategic Collaboration Brings You Confidential Computing With Intel® TDX On Ubuntu

  • Dean Marc
  • December 14, 2023
  • 5 minute read

Ensuring data security at run-time has long been an open computing challenge and a tough problem to solve. This gap arises because data must be decrypted in system memory for processing, even when it is stored encrypted. This exposes it to a large attack surface of threats posed by potentially malicious system software, such as a compromised operating system, hypervisor, or firmware, as well as individuals with elevated privileges. Confidential Computing is an industry movement to address this security gap, designed to protect data in use. Intel® Trust Domain Extensions (Intel® TDX) is Intel’s latest addition to their confidential computing portfolio.

To make use of these new hardware primitives, the entire software stack needs to be enlightened. To address this, Canonical and Intel have forged a strategic collaboration, enabling customers to always have access to an Intel-optimised Ubuntu build, which has all the latest necessary end-to-end host-to-guest patches available by default, even before they make it upstream. As the upstreaming process progresses, these patches will subsequently also become available on the generic Ubuntu images. 



Intel® TDX on 5th Gen Intel® Xeon Scalable Processors

Intel® TDX introduces new architectural elements that address the challenge of run-time security in virtualised environments head-on. Intel TDX has been designed to establish secure and isolated virtual machines known as trust domains (TDs), and to protect them from various potential software threats, including those originating from the virtual-machine manager and other non-trust domain software on the platform. Intel TDX also strengthens defence against specific physical access attacks on platform memory, such as cold-boot attacks and active attacks on DRAM interfaces. To achieve this, Intel TDX capable CPUs incorporate a new AES-128 hardware encryption engine which encrypts memory pages at run-time, using an encryption key that is protected by the TDX hardware root of trust and is exclusively accessed by the TD guest owner. 


To achieve such strong security guarantees, the solution relies on Intel’s innovations at the silicon level. Initially, this capability was only available on select SKUs of their 4th Gen Intel® Xeon scalable processors, offered via a limited number of public cloud providers. Now, Intel has announced general Intel TDX market availability through its 5th Gen Intel® Xeon Scalable processors, formerly code-named Emerald Rapids. 

5th Gen Intel® Xeon® Scalable processors help maximise the longevity and return on IT investments with compatibility with the previous generation to minimise testing and validation. Intel’s industry-leading portfolio for data security helps unlock opportunities with silicon-based security features and trust services. 

“Intel has a well-established and collaborative relationship with Canonical, and we work closely to enable our security capabilities within the Ubuntu operating environment. Through our collaboration, Canonical now offers an Intel-optimised version of their enterprise distributions that incorporates all the latest Intel TDX architectural elements and innovations in 5th Gen Xeon Scalable processors. This will provide customers with the confidence that their most sensitive data is more secure, while also helping maintain privacy and promote compliance.” – Mark Skarpness, Vice President and General Manager of System Software Engineering, Intel.

“We are excited to extend our long-standing partnership with Intel into Intel TDX! This will enable 5th Gen Intel Xeon Scalable processors’ users to start building their confidential computing infrastructure with Ubuntu today, and benefit from its strong hardware-rooted confidentiality and integrity security guarantees”, said Cindy Goldberg, VP of Silicon Alliance, Canonical.

For customers and end-users eagerly anticipating the hardware upgrade, fully unlocking the potential of these silicon security innovations also necessitates enablement at the software level. In the Linux ecosystem, achieving this involves the upstreaming of patches before integration into downstream distributions. This is a time-intensive process, and with it comes the imminent risk of a widening gap between silicon innovation and software readiness, which will only be compounded as Intel continues to push the boundaries of hardware innovation for 5th Gen Intel Xeon Scalable processors and beyond.


A staged approach to enable Intel® TDX for confidential computing

The results of this strategic partnership are already here: our recently released Intel TDX private preview on Ubuntu 23.10 empowers our customers to confidently start their confidential computing journey with Ubuntu on Intel TDX today, while also laying the groundwork for more extensive and long-term plans for Ubuntu 24.04 LTS and beyond.

Canonical’s vision for Intel TDX on Ubuntu is ambitious and all-encompassing. Once customers acquire a 5th Gen Intel Xeon Scalable processor, they will be ready to easily deploy both an Ubuntu host for Intel TDX with the kernel, Libvirt, QEMU, and Trust Domain Virtual Firmware (TDVF), and an Ubuntu guest Intel TDX VM equipped with the necessary enlightened kernel, Shim, and Grub.

Fig.1 End-2-End Intel TDX software stack with Ubuntu

Security maintenance and enterprise support

Anticipating Intel TDX’s integration into the generic Ubuntu 24.04 images, Canonical is taking an incremental approach to the level of security maintenance and enterprise support the company offers for these Intel TDX optimised builds. Starting with Ubuntu 23.10, an Intel TDX limited preview is already live for both host and guest enablement, where Canonical provides user-friendly scripts for effortless confidential environment setup. Remote attestation capability is expected by December 2023, and setup assets are accessible on GitHub. Canonical leads first line support during this technical preview, with Intel handling second line support. The 6.5 kernel stays updated with security patches, and user space PPAs for QEMU, Libvirt, and TDVF track upstream changes. 

Looking ahead

This strategic collaboration effort between Canonical and Intel marks a significant commitment to advancing confidential computing. Beyond the immediate benefits of Intel TDX, this partnership seeks to bridge the ever-growing gap between cutting-edge silicon innovation and the software ecosystem’s ability to keep pace. Organisations can now confidently embrace the full potential of Intel TDX, ensuring a secure and optimised experience for end-users.


Furthermore, the availability of Ubuntu-based Intel TDX on many major public cloud providers, including Microsoft Azure and Google Cloud, empowers you to confidently start the development of your multi-cloud hybrid confidential computing strategy with Ubuntu today, providing a unified and secure environment for your computing needs.

Canonical invites you to deploy the Ubuntu Intel TDX build, and share your valuable feedback and questions. Get started with confidential computing and share your feedback with us. Your input is crucial as we collaboratively drive innovation and fortify data security for the future.

About Canonical 

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. 

Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.

Source: cyberpogo.com

