108 Patches Sent Out In Latest Revision Of Intel TDX KVM Support For Linux
Trust Domain Extensions is Intel's alternative to Secure Encrypted Virtualization SEV-SNP with AMD EPYC processors. Intel TDX allows for hardware-isolated virtual machines, a total memory encryption engine, remote attestation, and other security features for trusted domains with Xeon Scalable "Sapphire Rapids" processors.
While the initial x86 TDX code landed in Linux 5.19, integrating the support for KVM virtualization support remains ongoing. There still are some open discussion items around TDX's KVM hardware initialization approach that needs to be settled. This weekend's v10 patch series also updates the KVM TDX patches against the latest Linux 6.1 upstream state, integrated the TDX host kernel support patches into this series, integrated the FD-based private page patches into this series. and other changes.
For those interested in this forthcoming Intel confidential computing feature focused on VM security, see the big v10 patch series for this latest pending code. We'll see if the TDX KVM support manages to get buttoned up in time for the Linux 6.2 cycle for getting this feature fully mainlined prior to Xeon Scalable "Sapphire Rapids" ramping up production.