Trusted Platform Module

Be aware of the existence of the TPM on most modern computers. It serves a different purpose than a TEE does: a TPM usually has only fixed functionality and can perform only a set of pre-defined cryptographic operations, whereas a TEE lets developers execute arbitrary code inside it while maintaining the confidentiality and integrity of the code and data involved during the computation. There are even some TPM implementations that run inside a TEE.

Intel’s Trusted Domain eXtension (TDX)

Since Intel SGX faces a whole line of different side-channel attacks (e.g., the branch-shadowing attack), and parts of its internal design are flawed (e.g., it leaks memory access patterns), Intel is going to replace it with a more state-of-the-art and more secure design called Trusted Domain eXtension (TDX for short), in the hope of achieving the security guarantees that ARM TrustZone can provide.

The overall architecture of Intel’s TDX design.

The fundamental reason why SGX is insecure: SGX does not isolate a hardware enclave that forbids all observation by the OS. An inherent flaw of SGX is that an enclave shares its memory with the OS, and even though that memory is encrypted, the memory bus is not protected against an adversary. How multiple enclaves communicate with each other, and how differently implemented TEEs communicate with each other, are still left as big open problems.

What is TDX? In short, a TDX trust domain is a virtual machine built atop Intel's Virtual Machine Extensions (VMX) instruction-set-architecture extensions, multi-key total-memory encryption, and a CPU-attested software module. The building blocks for TDX include: 1) SGX, 2) Virtualization Technology (VT), 3) Total Memory Encryption (TME), and 4) Multi-Key Total Memory Encryption (MKTME).

Main supporting framework: Secure-Arbitration-Mode (SEAM). It is used to host an Intel-provided security-services module that is digitally signed but not encrypted. The Intel TDX module is hosted in a reserved memory space identified by the SEAM-range register (SEAMRR). This space blocks ALL requests from the outside world, including direct memory access (DMA) and other software accesses. ⇒ It can be viewed as a secluded space, the “ideal world” of cryptography.

Installation of trusted application code. To install TD modules into the SEAM memory space, a new Intel Trusted Execution Technology (TXT) authenticated-code module (ACM) is needed as a helper module (called SEAMLDR): it first verifies the digitally signed TD modules and then loads them into SEAM memory.

The main construction of the VMM + TDX + TD. TDX is like an “arbitrator” that sanitizes all the control / data flow between the VMM and the TD (? like a VM).

The workflow of the TDX module.

The TDX module is designed to provide a TD with the following capabilities:

  1. Memory confidentiality and integrity
  2. Address-translation integrity