Releases: canonical/tdx

2.1

27 Aug 14:41
1f9e94d

Overview

This release adds new features and bug fixes for Intel® Trust Domain Extensions (TDX) on Ubuntu 24.04.

You can install this release either on a freshly installed Ubuntu 24.04 system or on your existing setup.

TDX Components

  • Kernel:
    • Version: 6.8.0-1010-intel
    • Add host kexec / kdump support
    • Fix TDMR reserved areas that may exceed the limit of 16, which can result in TDX module initialization failure
    • Source link
  • QEMU:
    • Version: 8.2.2
    • Updated to 8.2.2 to be in sync with Ubuntu 24.04 mainline QEMU
  • Libvirt:
  • OVMF/EDK2:
  • Remote attestation components:

Project Tools and Support

  • Change the project license to GPLv3 (#110)
  • Remove support for the package tdx-tools
  • Move remote attestation packages into a separate PPA to avoid conflicts with Intel’s upstream SGX/DCAP (#158)
  • Add system-report.sh script to collect system’s TDX readiness status to help with debugging (#188)
  • Minor bug fixes and enhancements for various shell scripts

Known Issues/Current Limitations:

  • Nested virtualization is not supported (#200)
  • TD doesn't support more than 1 socket/die CPU topology
  • Performance drops if the TD’s RAM is not 2M aligned for Transparent Huge Page
  • PMU (Performance Monitoring Unit) is currently not supported and is disabled by default. (#182)
  • Graphics support is disabled (graphics and remote access such as VNC are not supported). (#202)
  • I/O device pass-through is not fully supported (#137)
  • Guest Kexec is currently not supported (#204)

2.0

10 May 16:25
4f4ff28

Overview

This is the release of Intel® Trust Domain Extensions (TDX) with base host, guest, and remote attestation functionalities on Ubuntu 24.04. If you already have an ongoing engagement with Canonical, please reach out to your Canonical contact to confirm whether this is the appropriate version.

Features

  • The host kernel, known as -intel, is based on 6.8 with the TDX v19 KVM patchset. Source link.
  • QEMU version: 8.2.1
  • libvirt version: 10.0.0
  • Supported Ubuntu guests are:
    • Ubuntu 24.04 6.8 linux-generic
    • Ubuntu 24.04 6.8 linux-intel
  • Remote attestation components:
    • Intel DCAP 1.20
    • Intel Trust Authority Client 1.2.0
  • Improved virsh wrapper tool called tdvirsh, which handles the creation of domain XML files and overlay images for TDs.

Test Configuration

  • CPU: Intel 4th Gen (only TDX SKUs) and 5th Gen Xeon Scalable Processors
  • TDX Module: TDX_1.5.05.46.698

Known Issues/Limitations

  • Failure to boot TD with console=hvc0 in kernel command line and QEMU cmd -serial stdio. This bug is being tracked here.
  • Transparent Hugepage won’t work if memory configuration of TD guest is not 2M aligned.
  • TD doesn't support more than 1 socket CPU topology.
  • TD with large VCPU and memory configuration takes longer to boot.
  • virtio-net in the TD guest may stop working at some point after bootup if the host enables numad service. This bug is being tracked here.

1.2

11 Apr 15:38
74bd27a

Overview

This release fixes an issue with a missing package and also adds a new flag to the TD libvirt tool for Intel® Trust Domain Extensions (TDX) on Ubuntu 23.10.

Bug Fix

  • Install missing networking module during host provisioning (#53)

Feature

  • Add support to td_virsh_tool.sh for listing SSH ports of running TDs (#55)

1.1

04 Apr 19:02
894703d

Overview

This release introduces remote attestation functionality and other improvements for Intel® Trust Domain Extensions (TDX) on Ubuntu 23.10.

Features

  • Add remote attestation functionality along with detailed usage instructions (#51)
  • Improve host robustness by ensuring the TDX-enabled kernel is used by grub for subsequent reboots (#47)
  • Add support for running multiple TDs simultaneously with libvirt (#43)
  • Add missing dependencies to script responsible for creating TD image (diff)
  • Update source download instructions (#41)

Known Issues

  • Failure to boot TD with console=hvc0 in kernel command line and QEMU cmd -serial stdio. This bug is being tracked here.
  • KVM missing symbol version for __seamcall_saved_ret. See issue #33 for details and a suggested fix.

1.0

18 Mar 14:08
645db8a

Overview

This is the initial release of Intel® Trust Domain Extensions (TDX) with base host and guest functionalities on Ubuntu 23.10.

The section below lists tools to set up the TDX host, create a TD guest, and boot it.

Tools

  • setup-tdx-host.sh: provisions an Ubuntu 23.10 host with TDX-enabled 6.5 kernel and packages
  • create-tdx-image.sh: creates a TD QEMU guest image
  • setup-tdx-guest.sh: converts a non-TD guest image to a TD-enabled guest
  • run_td.sh: boots a TD guest with QEMU
  • run_td_virsh.sh: boots a TD guest with virsh (libvirt)
  • README.md: describes the purpose, usage, and typical results of various scripts