Intel Trust Domain Extensions (TDX) is a new architectural extension in the 4th Generation Intel Xeon Scalable Processor that supports confidential computing. TDX allows the deployment of virtual machines in the Secure-Arbitration Mode (SEAM) with encrypted CPU state and memory, integrity protection, and remote attestation. TDX aims to enforce hardware-assisted isolation for virtual machines and minimize the attack surface exposed to host platforms, which are considered untrustworthy or adversarial in confidential computing's new threat model. TDX can be leveraged by regulated industries or sensitive data holders to outsource their computations and data with end-to-end protection in public cloud infrastructure. This paper aims to provide a comprehensive understanding of TDX to potential adopters, domain experts, and security researchers looking to leverage the technology for their own purposes. We adopt a top-down approach, starting with high-level security principles and moving to the low-level technical details of TDX. Our analysis is based on publicly available documentation and source code, offering insights from security researchers outside of Intel.