Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

ijlal-loutfi
on 25 April 2023

Try Ubuntu confidential VMs with Intel TDX today: limited preview now available on Azure


On behalf of the Canonical confidential computing team, I am happy to announce the limited preview of Ubuntu Confidential VMs with Intel TDX on Microsoft Azure. As part of the DCev5-series and ECesv5-series VMs, they’re available for you to try today! This exciting development is an important milestone in Ubuntu’s journey to power the confidential public cloud of the future.

Confidential computing threat model

With cloud technology enabling faster and more flexible infrastructure deployment than ever before, security challenges have also become more complex. Traditionally, any vulnerability within the millions of lines of code in the cloud’s privileged system software (such as the operating system, hypervisor, and firmware) would compromise the confidentiality and integrity of the running code and data. Similarly, a malicious cloud administrator could potentially access the VM or its platform, compromising the security of your data. 

Intel Trust domain extensions – TDX

Confidential computing represents a fundamental shift to the threat model of the public clouds .As such, Intel TDX, which comes with the new 4th Generation Intel Xeon CPUs, allows you to run your workload within a logically isolated hardware-rooted execution environment. This is achieved by TDX carving out a portion of system memory which is encrypted at run-time by a new AES-128 encryption engine, and by adding new access control checks that mediate access to this memory, and prevent external access to it even from the cloud’s privileged system software. 

To verify the security claims of confidential VMs, native support for attestation with Microsoft Azure Attestation will also  be available in the future. This will provide a hardware-rooted cryptographic proof, including a measurement/hash that attests to the integrity of the software loaded into the TEE, and a cryptographic signature that attests to the authenticity of the cloud’s TEE hardware.

Try Ubuntu confidential VMs today

Intel TDX Ubuntu Confidential VMs on Azure is a key step towards building a strong foundation for a zero-trust security strategy in the cloud. Try Ubuntu Confidential VMs on Azure today and experience the future of cloud security. We’re excited to hear your feedback!

Be sure to check out the following helpful links:

Related posts


yash-aggarwal
4 November 2024

Join us for Microsoft Ignite

Ubuntu Article

The Canonical team is gearing up for the next big gathering at Microsoft Ignite 2024, which will take place from November 18 – 22, 2024. Get ready to dive deep into the latest conversations that will shape the future of cloud and open-source innovation. Expand and secure your Microsoft Ignite journey with a visit to ...


ijlal-loutfi
8 July 2024

Deploy confidential computing with Intel® TDX and Ubuntu 24.04 today

Confidential computing Confidential computing

Discover how to deploy confidential computing with Intel® Trust Domain Extensions (Intel® TDX) on Ubuntu 24.04 LTS. Enhance your data security with simplified VM isolation, protecting sensitive data in system memory effortlessly. ...


ijlal-loutfi
21 February 2024

Preview Confidential AI with Ubuntu Confidential VMs and NVIDIA H100 GPUs on Microsoft Azure

Confidential computing Confidential computing

Learn about Confidential AI preview on Azure with Ubuntu confidental VMs and Nvidia H100 GPUs, and explore how confidential computing in the cloud transforms AI security, ensuring utmost confidentiality and integrity for sensitive data and models. ...