Closed michaelrun closed 7 months ago
Hi there,
Support for Intel TDX is currently in development. You can check out the progress here: https://github.com/edgelesssys/constellation/tree/feat/tdx-libvirt
The current implementation state is for local QEMU/KVM deployments only and requires TDX hardware. Support for TDX on Cloud Provider solutions e.g. Azure or GCP will come when and if the CSP support this.
You can also look at this demo of our Intel TDX preview: https://youtu.be/mSfvhkLLMD8
Thanks for the reply @malt3 @daniel-weisse. BTW, when will local QEMU/KVM be ready for release?
QEMU/KVM on its own is already available. It's lacking some public documentation currently as it is mostly used for testing purposes.
The requirements are the same as for MiniConstellation. You can create a cluster using the following commands:
constellation config generate qemu
vim constellation-conf.yaml # Check and adjust the created config
constellation create -c1 -w1 # Adjust c and w to the number of control-plane/worker nodes you want
constellation init
As for our QEMU/KVM deployment supporting TDX: I will try and get it merged for the next release or the one after that. So ideally next week, and start of June at the latest.
@daniel-weisse Got it. Thanks, i will have a try later.
Can I do a POC using this TDX branch now?
You can also look at this demo of our Intel TDX preview: https://youtu.be/mSfvhkLLMD8
Is this link still available? I can't access now.
Can I do a POC using this TDX branch now?
We will update this issue as as soon as we have documentation available to test this on your own. If you prefer to set up a meeting and do a guided POC, please reach out to Thomas Loepp Thiessen (tlt@edgeless.systems) or use the contact form for more information.
Is this link still available? I can't access now.
The video is still available. Maybe the shortened YouTube link is not working for you. This is the full video URL: https://www.youtube.com/watch?v=mSfvhkLLMD8
Hi @daniel-weisse, will you consider supporting Alibaba TDX and Azure TDX? They are now providing TDX private previews.
Hi @RodgerZhu. Thanks for reaching out. Support for TDX on public clouds is work in progress. We will share more details soon.
Thanks @malt3! If needed, we can provide an online TDX instance for integration and cooperation. Could you please email me (yunge.zhu@intel.com) for more discussion?
On Aug 2, 2023, AWS announced the general availability of Amazon EC2 M7i-flex and EC2 M7i instances powered by custom 4th Gen Intel Xeon Scalable processors (code-named Sapphire Rapids): https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-ec2-m7i-flex-m7i-instances/?nc1=h_ls
On July 31, 2023, GCP: Generally Available: C3 VMs with 4th Gen Intel Xeon and industry-leading price-performance: https://cloud.google.com/blog/products/compute/c3-machine-series-on-intel-sapphire-rapids-now-ga?hl=en
On November 15, 2023, Azure: Announcing the public preview of confidential VMs with Intel TDX: https://azure.microsoft.com/en-gb/updates/confidential-vms-with-intel-tdx-dcesv5-ecesv5-public-preview/
Hi there,
Support for Intel TDX is currently in development. You can check out the progress here: https://github.com/edgelesssys/constellation/tree/feat/tdx-libvirt
The current implementation state is for local QEMU/KVM deployments only and requires TDX hardware. Support for TDX on Cloud Provider solutions e.g. Azure or GCP will come when and if the CSP support this.
Since some Sapphire Rapids offerings have appeared: I would be curious about the current state of this topic (the link mentioned above is dead). What would also be interesting: which differences do you see when comparing AMD's vs. Intel's solution?
@malt3 @daniel-weisse Any comments on if and when Constellation will be available for public cloud offerings?
Azure just announced a public preview for TDX which we are currently evaluating. We can't give any dates yet, but if TDX on Azure supports our required features, we will try to get Constellation running with TDX as soon as possible (soon hopefully meaning 1 or 2 months, not half a year).
@daniel-weisse sounds interesting! Thanks for all your stunning work! Just out of curiosity: is there any reason you prefer waiting for Azure? Are the already available GCP/AWS instances named above missing some needed features?
@hpvd Even though both AWS and GCP have Sapphire Rapids offerings, neither has a public TDX offering. We are not currently working on a bare-metal deployment option for Constellation, so just having the CPUs available is not enough. There is a private preview for TDX on GCP, however I am not yet aware of a timeline for a public release.
@daniel-weisse many thanks for this details!
Azure just announced a public preview for TDX which we are currently evaluating.
Some early evaluation results: We identified a missing feature. Azure's TDX offering currently does not allow guests to access a TDREPORT. This is a hard requirement for remote attestation. We expect this issue to be resolved in the near future and will re-evaluate this again soon.
Support for Azure's TDX offering was added with v2.15.0.
@malt3 @daniel-weisse
Running a TDX VM on Azure, I'm not able to access the /dev/tdx_guest device and thus I'm unable to get the TDREPORT for the VM. How have you solved this?
Hi @fnerdman
Azure does not expose the TDX device to the guest VM directly.
Instead, Azure makes use of TD partitioning to run a vTPM inside a trust domain which has access to the TDX device (/dev/tdx_guest), and provides access to that vTPM to the trust domain running your VM.
The vTPM holds a TDX quote over the vTPM's attestation public key in its NVRAM.
Azure also uses a very similar approach for CVMs with AMD SEV-SNP.
You can find some implementation details on how to retrieve this quote in these two Azure repos: https://github.com/Azure/confidential-computing-cvm-guest-attestation https://github.com/Azure/cvm-attestation-tools
Or you can take a look at our Azure attestation code: https://github.com/edgelesssys/constellation/tree/main/internal/attestation/azure
Hope this helps
Thanks! Is there any documentation on this vTPM hypervisor? I've been able to extract the TDREPORT from the vTPM and get a quote, but the MRTD never changes, so I was expecting this to be the quote for a separate vTPM TD (similar to this). Is there any way to verify the MRTD, like being able to deterministically build the vTPM hypervisor so that one can get to the same MRTD value? Or are we just plainly trusting Microsoft here?
As far as I know, Azure has not yet published any public documentation regarding this, so you will have to trust Azure here.
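The two exchanges above (retrieving the TDX quote that the vTPM stores over its attestation key, and the point that MRTD can only be compared against a pinned value rather than derived) are illustrated by the following added example. It is not code from Constellation, from the Azure repos linked above, or from any participant in this thread. It parses the Intel TDX quote v4 layout (48-byte header, 584-byte TD report body with MRTD, RTMR0..3 and REPORTDATA at their fixed offsets, then a length-prefixed signature block beginning with the 64-byte ECDSA signature and the 64-byte P-256 attestation key), verifies the signature over header||body, checks that REPORTDATA commits to the vTPM AK public key, and compares MRTD with a pinned policy value. Assumptions that are this example's own: the binding convention REPORTDATA = SHA-256(AK public key) zero-padded to 64 bytes (Azure wraps the quote in its own HCL report format; consult the linked repos for the real layout), and the omission of the rest of the certificate chain (QE report, PCK certificate, TCB collateral), which a production verifier must check. The sample quote is constructed in BuildSampleQuote with a locally generated key and does not come from hardware.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// TDX quote v4 layout: 48-byte header, 584-byte TD report body, 4-byte
// signature-data length, then signature data starting with the 64-byte ECDSA
// signature (r||s) and the 64-byte attestation public key (x||y).
const (
	headerLen     = 48
	bodyLen       = 584
	offMRTD       = 136 // MRTD within the body, 48 bytes
	offRTMR0      = 328 // RTMR0..RTMR3, 48 bytes each
	offReportData = 520 // REPORTDATA, 64 bytes
	teeTypeTDX    = 0x81
)

type TDQuote struct {
	MRTD       [48]byte
	RTMR       [4][48]byte
	ReportData [64]byte
	signed     []byte // header || body: the bytes the attestation key signs
	sig        []byte
	attKey     []byte
}

func ParseTDQuote(raw []byte) (*TDQuote, error) {
	if len(raw) < headerLen+bodyLen+4 {
		return nil, errors.New("quote too short")
	}
	if v := binary.LittleEndian.Uint16(raw[0:2]); v != 4 {
		return nil, fmt.Errorf("unsupported quote version %d", v)
	}
	if tee := binary.LittleEndian.Uint32(raw[4:8]); tee != teeTypeTDX {
		return nil, fmt.Errorf("not a TDX quote (tee_type 0x%x)", tee)
	}
	q := &TDQuote{signed: raw[:headerLen+bodyLen]}
	body := raw[headerLen : headerLen+bodyLen]
	copy(q.MRTD[:], body[offMRTD:offMRTD+48])
	for i := range q.RTMR {
		copy(q.RTMR[i][:], body[offRTMR0+48*i:offRTMR0+48*(i+1)])
	}
	copy(q.ReportData[:], body[offReportData:offReportData+64])
	sigLen := binary.LittleEndian.Uint32(raw[headerLen+bodyLen:])
	sigData := raw[headerLen+bodyLen+4:]
	if sigLen < 128 || uint32(len(sigData)) < sigLen {
		return nil, errors.New("truncated signature data")
	}
	q.sig, q.attKey = sigData[:64], sigData[64:128]
	return q, nil
}

// VerifySignature checks the ECDSA-P256 signature over header||body with the
// attestation key embedded in the quote. Chaining that key to the QE report
// and Intel's PCK certificates is omitted here (assumption of this example).
func (q *TDQuote) VerifySignature() bool {
	pub := &ecdsa.PublicKey{
		Curve: elliptic.P256(),
		X:     new(big.Int).SetBytes(q.attKey[:32]),
		Y:     new(big.Int).SetBytes(q.attKey[32:]),
	}
	digest := sha256.Sum256(q.signed)
	r := new(big.Int).SetBytes(q.sig[:32])
	s := new(big.Int).SetBytes(q.sig[32:])
	return ecdsa.Verify(pub, digest[:], r, s)
}

// BindsAK checks that REPORTDATA commits to the vTPM attestation key.
// Assumed convention: SHA-256(akPub) zero-padded to 64 bytes.
func (q *TDQuote) BindsAK(akPub []byte) bool {
	var want [64]byte
	h := sha256.Sum256(akPub)
	copy(want[:], h[:])
	return q.ReportData == want
}

// MatchesMRTD compares MRTD with a pinned value: the verifier cannot derive
// the expected MRTD, so it is policy supplied by the operator.
func (q *TDQuote) MatchesMRTD(expected [48]byte) bool {
	return bytes.Equal(q.MRTD[:], expected[:])
}

// BuildSampleQuote constructs a synthetic quote (no hardware involved), signed
// with a locally generated key standing in for the QE attestation key.
func BuildSampleQuote(mrtd [48]byte, akPub []byte, signer *ecdsa.PrivateKey) []byte {
	hdr := make([]byte, headerLen)
	binary.LittleEndian.PutUint16(hdr[0:], 4)          // version
	binary.LittleEndian.PutUint16(hdr[2:], 2)          // att_key_type: ECDSA-256-with-P-256
	binary.LittleEndian.PutUint32(hdr[4:], teeTypeTDX) // tee_type
	body := make([]byte, bodyLen)
	copy(body[offMRTD:], mrtd[:])
	h := sha256.Sum256(akPub)
	copy(body[offReportData:], h[:])
	signed := append(hdr, body...)
	digest := sha256.Sum256(signed)
	r, s, err := ecdsa.Sign(rand.Reader, signer, digest[:])
	if err != nil {
		panic(err)
	}
	sigData := make([]byte, 128)
	r.FillBytes(sigData[0:32])
	s.FillBytes(sigData[32:64])
	signer.X.FillBytes(sigData[64:96])
	signer.Y.FillBytes(sigData[96:128])
	lenField := make([]byte, 4)
	binary.LittleEndian.PutUint32(lenField, uint32(len(sigData)))
	return append(append(signed, lenField...), sigData...)
}

func main() {
	signer, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	var pinned [48]byte
	copy(pinned[:], "constructed MRTD value for this example")
	akPub := []byte("constructed vTPM AK public key bytes")
	q, err := ParseTDQuote(BuildSampleQuote(pinned, akPub, signer))
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature ok: %v, AK bound: %v, MRTD pinned: %v\n",
		q.VerifySignature(), q.BindsAK(akPub), q.MatchesMRTD(pinned))
}
```

The design point: a signature that verifies proves only that the TDX module signed this body; whether the body describes the vTPM trust domain you expect is a separate comparison against a value you choose to trust, which is exactly the gap the last two comments describe.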