Intel Developing Rust-Based TD-Shim Firmware For Confidential Containers

Written by Michael Larabel in Intel on 7 February 2023 at 03:00 AM EST. 1 Comment
Among the many interesting talks this past weekend at the 2023 edition of FOSDEM was Intel engineer Jiewen Yao presenting TD-Shim as the company's work on a lightweight virtual firmware for containers that complies with their approach to confidential computing.

Intel's TD-Shim is designed a lightweight virtual firmware implementation for confidential containers with the likes of Kubernetes. TD-Shim is designed with security and confidential computing needs in mind while also being as fast to boot as possible.

TD-Shim aims to replace the traditional Open Virtual Machine Firmware and is also designed to be used with Trust Domain Extensions (TDX) introduced with their latest generation Xeon Scalable "Sapphire Rapids" processors.

Of interest to many Phoronix readers is the fact that TD-Shim is yet another new open-source Intel project making use of the Rust programming language. TD-Shim has been tested so far with hypervisors like KVM and the Intel-led Cloud Hypervisor project.

Intel TD-Shim FOSDEM 2023 slide

Those interested in learning more about TD-Shim for Intel confidential containers can see this slide deck (PDF) from FOSDEM 2023. The open-source TD-Shim firmware is hosted on GitHub.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week