Linux Prepares For More Code Sharing Between AMD SEV + Intel TDX
Over the past year Intel has been working to enable Trust Domain Extensions support under Linux. During summer 2020 they outlined TDX for protecting VMs against some forms of hardware attacks and providing secure-arbitration, leveraging encrypted memory, and other safeguards for "Trusted Domains".
After their whitepaper went public they began volleying TDX Linux patches from the compilers to the kernel that continued through this summer along with related work like "unaccepted memory" support and so TDX KVM guests can't crash the host.
The latest effort and another great example of open-source at work is Intel working to share code with the AMD SEV driver. Currently to make use of some of AMD's existing SEV kernel code. The latest patches are for sharing common features between AMD SEV and Intel TDX. "Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious hosts and some physical attacks. TDX has a lot of similarities to AMD SEV. Features like encryption/decryption and string I/O unroll support can be shared between these two technologies. This patch set adds infrastructure changes required to share the code between AMD SEV and TDX."
Open-source at its finest. Initially it's just shifting around a few hundred lines of code but will hopefully lead to more SEV/TDX code sharing moving forward for common features. The code sharing around such important security features is also great as for having all the more developer eyes looking at that crucial code to hopefully more quickly spot any defects or issues.
Intel hasn't confirmed TDX support for upcoming Xeon "Sapphire Rapids" processors but simply for future processors. Those wishing to learn more about Trust Domain Extensions can see Intel's various TDX developer articles.