intel / tdx-module

Trust Domain Extensions (TDX) is introducing new architectural elements to help deploy hardware-isolated virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.
https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html

How to prevent untrusted BIOS from loading compromised P-SEAM loader? #4

Open JaewonHur opened 3 months ago

JaewonHur commented 3 months ago

Hi, I am studying the loading procedure of the TDX module.

Based on the SDMs, I found that ensuring the initial integrity of the P-SEAM loader (which is loaded into the SEAM Range) is the key to protecting the following modules (e.g., the TDX module, TDVMs).

Also, I read that the NP-SEAM loader (authenticated by Intel) is responsible for loading the P-SEAM loader.

However, isn't there any possibility that an untrusted BIOS loads its own compromised P-SEAM loader and finalizes the SEAM Range by configuring the SEAMRR MSRs?

Is there any hardware mechanism that prevents an untrusted BIOS from writing the SEAMRR MSRs?

I could not find any information on this in the SDMs.

iaxel77 commented 3 months ago

Thank you for showing interest in our TDX technology. The P-SEAM Loader can only be loaded by the NP-SEAM Loader, and both are part of the same Intel-signed binary. Intel's SEAM architecture prevents loading a non-Intel P-SEAM Loader.

Please find more details here: Documentation for Intel® Trust Domain Extensions

Specifically in the following documents: the Intel CPU Architectural Extensions Specification and the Intel TDX Loader Interface Specification.
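The question above turns on the state of the two SEAMRR MSRs: whatever loads the P-SEAM Loader, a host operator still wants to confirm that the SEAM range firmware programmed is valid and locked, so that nothing running later can repoint it. The following is an added example written for this page, not code from the issue thread or from Intel's tdx-module repository. It decodes IA32_SEAMRR_PHYS_BASE and IA32_SEAMRR_PHYS_MASK as MTRR-style base/mask pairs and reports whether the range is configured, valid and locked. The MSR numbers (0x1400, 0x1401), the bit positions (CONFIGURED = base bit 3, LOCK = mask bit 10, VALID = mask bit 11, address field starting at bit 25) and the 52-bit physical address width are my assumptions from reading the public TDX CPU architecture specification and should be verified against the current spec before the output is relied on; the `/dev/cpu/N/msr` path is the Linux msr driver's interface.

```c
/*
 * seamrr_check.c: decode the SEAMRR MSRs and report whether the SEAM range
 * is configured, valid and locked. Added example, not from the issue or from
 * Intel. ASSUMPTIONS (verify against the Intel TDX CPU Architectural
 * Extensions Specification):
 *   IA32_SEAMRR_PHYS_BASE = MSR 0x1400: bit 3 CONFIGURED, bits 51:25 base
 *   IA32_SEAMRR_PHYS_MASK = MSR 0x1401: bit 10 LOCK, bit 11 VALID, bits 51:25 mask
 *   MAXPHYADDR assumed to be 52.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SEAMRR_PHYS_BASE_MSR   0x1400u   /* assumed MSR number */
#define SEAMRR_PHYS_MASK_MSR   0x1401u   /* assumed MSR number */
#define SEAMRR_BASE_CONFIGURED (1ULL << 3)
#define SEAMRR_MASK_LOCK       (1ULL << 10)
#define SEAMRR_MASK_VALID      (1ULL << 11)
/* address field: bits 51:25 (32 MiB granularity, 52-bit physical addresses) */
#define SEAMRR_ADDR_BITS       (((1ULL << 52) - 1) & ~((1ULL << 25) - 1))

struct seamrr {
    uint64_t base;      /* physical base of the SEAM range */
    uint64_t size;      /* bytes covered; 0 if the mask is empty */
    bool configured;    /* firmware has programmed the range */
    bool locked;        /* MSRs can no longer be rewritten */
    bool valid;         /* range is active */
};

/*
 * Decode raw MSR values. Returns true only when the range is configured,
 * valid and locked and the base is aligned to the range size; any other
 * state means firmware (or something running after it) could still change
 * where SEAM code lives, which is exactly the concern raised in the issue.
 */
bool seamrr_decode(uint64_t base_msr, uint64_t mask_msr, struct seamrr *out)
{
    memset(out, 0, sizeof *out);
    out->configured = (base_msr & SEAMRR_BASE_CONFIGURED) != 0;
    out->locked     = (mask_msr & SEAMRR_MASK_LOCK) != 0;
    out->valid      = (mask_msr & SEAMRR_MASK_VALID) != 0;
    out->base       = base_msr & SEAMRR_ADDR_BITS;

    /* MTRR-style mask: ones from the top down; the lowest set bit is the size. */
    uint64_t mask = mask_msr & SEAMRR_ADDR_BITS;
    if (mask)
        out->size = mask & (~mask + 1);

    if (out->size && (out->base & (out->size - 1)) != 0)
        return false;   /* base not aligned to size: inconsistent programming */

    return out->configured && out->valid && out->locked && out->size != 0;
}

/* Read one MSR via the Linux msr driver (modprobe msr; requires root).
 * Returns 0 on success or -errno. A CPU without SEAMRR faults on the
 * read, which the driver reports as EIO. */
int read_msr(int cpu, uint32_t reg, uint64_t *val)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, val, sizeof *val, reg);
    close(fd);
    if (n != (ssize_t)sizeof *val)
        return n < 0 ? -errno : -EIO;
    return 0;
}

int main(void)
{
    uint64_t base_msr, mask_msr;
    struct seamrr r;

    if (read_msr(0, SEAMRR_PHYS_BASE_MSR, &base_msr) ||
        read_msr(0, SEAMRR_PHYS_MASK_MSR, &mask_msr)) {
        fprintf(stderr, "cannot read SEAMRR MSRs (need root, the msr module and a TDX-capable CPU)\n");
        return 1;
    }
    bool ok = seamrr_decode(base_msr, mask_msr, &r);
    printf("SEAMRR base=0x%llx size=0x%llx configured=%d valid=%d locked=%d -> %s\n",
           (unsigned long long)r.base, (unsigned long long)r.size,
           r.configured, r.valid, r.locked, ok ? "OK" : "NOT TRUSTWORTHY");
    return ok ? 0 : 2;
}
```

Run it on every CPU, not just CPU 0: the range must be programmed identically on all cores, and a mismatch is as much a red flag as a missing LOCK bit. The decoder is deliberately separate from the MSR read so it can be unit-tested against constructed register values.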