Overview
Explore Intel Trust Domain Extensions (TDX) host kernel support in this 27-minute conference talk. Dive into the mechanisms that protect guest VMs against malicious hosts and physical attacks. Learn about the TDX module initialization process, design choices, and implementation details. Understand TDX memory management, the kernel policies for converting system memory to TDX memory, and the interactions with CPU/memory hotplug and kexec(). Gain insights into future developments and find references for further study of this crucial security technology for virtualized environments.
Syllabus
Intro
TDX Overview
TDX Module Memory Management
Initializing the TDX Module
High Level Design
TDX Memory Policy
Interaction with ACPI Memory Hotplug
Interaction with ACPI CPU Hotplug
Handle ACPI CPU/Memory Hotplug (2)
Kexec() Support
Future work
Reference
Taught by
Linux Foundation