ijlal-loutfi
on 25 April 2023
Try Ubuntu confidential VMs with Intel TDX today: limited preview now available on Azure
On behalf of the Canonical confidential computing team, I am happy to announce the limited preview of Ubuntu Confidential VMs with Intel TDX on Microsoft Azure. As part of the DCev5-series and ECesv5-series VMs, they’re available for you to try today! This exciting development is an important milestone in Ubuntu’s journey to power the confidential public cloud of the future.
Confidential computing threat model
With cloud technology enabling faster and more flexible infrastructure deployment than ever before, security challenges have also become more complex. Traditionally, any vulnerability within the millions of lines of code in the cloud’s privileged system software (such as the operating system, hypervisor, and firmware) would compromise the confidentiality and integrity of the running code and data. Similarly, a malicious cloud administrator could potentially access the VM or its platform, compromising the security of your data.
Intel Trust domain extensions – TDX
Confidential computing represents a fundamental shift to the threat model of the public clouds .As such, Intel TDX, which comes with the new 4th Generation Intel Xeon CPUs, allows you to run your workload within a logically isolated hardware-rooted execution environment. This is achieved by TDX carving out a portion of system memory which is encrypted at run-time by a new AES-128 encryption engine, and by adding new access control checks that mediate access to this memory, and prevent external access to it even from the cloud’s privileged system software.
To verify the security claims of confidential VMs, native support for attestation with Microsoft Azure Attestation will also be available in the future. This will provide a hardware-rooted cryptographic proof, including a measurement/hash that attests to the integrity of the software loaded into the TEE, and a cryptographic signature that attests to the authenticity of the cloud’s TEE hardware.
Try Ubuntu confidential VMs today
Intel TDX Ubuntu Confidential VMs on Azure is a key step towards building a strong foundation for a zero-trust security strategy in the cloud. Try Ubuntu Confidential VMs on Azure today and experience the future of cloud security. We’re excited to hear your feedback!
Be sure to check out the following helpful links:
- Contact us
- Join the Intel TDX limited preview today
- Watch our webinar to learn more about confidential computing
- Read our blog post: “What is confidential computing? A high-level explanation for CISOs”
- Read our blog post:“Confidential computing in public clouds: isolation and remote attestation explained”