Where does one get seamldr?

intel / tdx-module

Trust Domain Extensions (TDX) is introducing new, architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.

https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html

Other

40 stars 7 forks source link

Where does one get seamldr? #3

Open rnertney opened 7 months ago

rnertney commented 7 months ago

I found on the Intel site.

However, the build instructions are not the clearest. I'm able to build the p-seam-loader (same way as my Issue #1), but building np-seam-loader requires windows-based Visual studio. I'm instructed to open a command prompt to the Projects\Server\Emr\Seamldr folder, and then run make.

make doesn't resolve on windows. opening any of the vcxproj or sln files in Visual Studio on Windows also can't resolve all of the errors.

What are the steps needed to rebuild the seam loader so that I can launch TDX1.5 (when my UEFI doesn't have the 1.5 support builtin)?

sergey687 commented 7 months ago

Hi Rob, currently SEAMLDR is not open-source yet. You can file your question through the Intel TDX landing page - https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html

sergey687 commented 7 months ago

Also, the build option provides the ability to compare the publicly exposed source code to the officially released binary. To run the TDX Module it is required to use the official signed binaries released by Intel. Intel does not provide an environment to run TDX with non-signed binaries.

rnertney commented 7 months ago

How can I utilize the right-most path for loading the 1.5 TDX module?

Are you suggesting that the support query on the Intel page is the route I should take to get the binary to utilize TDX 1.5 on my system? My SBIOS works for SPR TDX1.0, but I don't have an updated one where the UEFI will load SEAM->TDX1.5.

When you download the SEAM loader from the page, it just gives a bunch of projects to build.

iaxel77 commented 7 months ago

Hi Rob, Thank you again for showing interest in our TDX technology. We can provide answers to TDX Module source code related questions on this GitHub page. Questions about enabling activities should be directed through the enabling channels or through the official Intel TDX page: https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html

Gelob commented 7 months ago

Hi @iaxel77 that page suggests emailing tdx.support@intel.com, however that email bounces back

devopsinvictus commented 7 months ago

Verify input parameters, including the Intel TDX module’s signature structure. Load the Intel TDX module image and verify its measurement. Configure relevant regions and SEAM transfer VMCSs. Return to the Virtual Machine Monitor (VMM) after successful loading and verification. This process ensures secure execution of trust domains within your system.

matti commented 3 months ago

everything what's TDX software is exactly like this issue. I don't understand why intel provides almost 0 support to actually use the TDX hardware.

JaewonHur commented 2 months ago

Is there anyone who managed to build the NP-SEAM Loader?