Overview
Syllabus
Intro
CLOUD THREAT VECTORS
HARDWARE-BASED CLOUD WORKLOAD ISOLATION EVOLUTION
INTEL TDX-HIGH LEVEL SECURITY GOAL OF ARCHITECTURE
CPU ISA
VMX AND SEAM
THREAT MODEL
TD MEMORY CONFIDENTIALITY
TD MEMORY INTEGRITY
PRIVATE KEY MANAGEMENT
HW ADDRESS TRANSLATION
PHYSICAL MEMORY MANAGEMENT
ATTESTATION LEVERAGES INTEL SGX
THREAT COVERAGE - SOFTWARE ADVERSARY ATTACKS
THREAT COVERAGE - HARDWARE ADVERSARY ATTACKS
THREAT COVERAGE-TOX MODULE AND ATTESTATION ATTACKS
THREAT COVERAGE - SIDECHANNEL ATTACKS
INTEL TDX -PUTTING IT ALL TOGETHER
INTEL TDX SOFTWARE IMPLICATIONS
INTEL TDX-SW DEPLOYMENT MODELS
KVM TOUCHPOINTS
MORE ON MMU
LINUX TD GUEST TOUCHPOINTS
GHCI (GUEST-HYPERVISOR COMMUNICATION INTERFACE)
INTEL TDX PLATFORM AND SW LIFECYCLE
SUMMARY
Taught by
Linux Foundation