In an effort to enable secure computing, Canonical has united forces with Intel in a strategic partnership. The combination of expertise will add confidential computing capabilities based on Intel's Trust Domain Extensions (Intel TDX) to the Ubuntu operating system, the companies state.
The move comes in response to data security issues, with 39% of businesses reporting a data breach in cloud environments within the past year. The collaboration aims to counter prevalent data security challenges at run-time.
The partnership will streamline the deployment of Intel TDX on 5th Gen Intel Xeon Scalable processors. Data is susceptible to multiple threats during processing, from malicious system software such as compromised operating systems or firmware, and from individuals with elevated privileges. Confidential computing is designed to address this gaping security issue, ensuring that data in use is protected.
Intel TDX, the latest addition to Intel’s confidential computing portfolio, introduces new elements that directly tackle run-time security challenges in virtualised environments.
The strategy builds upon trust domains (TDs), virtual machines that are both secure and isolated, guarding against threats including those from the virtual-machine manager and other non-trust domain software on the platform. On CPUs that support Intel TDX, memory pages are encrypted at run-time using an encryption key that is protected by the TDX hardware root of trust and accessed only by the TD owner.
Mark Skarpness, Vice President and General Manager of System Software Engineering at Intel, stated, "Through our collaboration, Canonical now offers an Intel-optimised version of their enterprise distribution that incorporates all the latest Intel TDX architectural elements in 5th Gen Xeon Scalable processors. This gives customers confidence that their sensitive data is secure while promoting privacy and compliance."
Cindy Goldberg, VP of Silicon Alliance at Canonical, said, "This extension of our long-standing partnership with Intel into Intel TDX allows users of 5th Gen Intel Xeon Scalable processors to start building their confidential computing infrastructure with Ubuntu today. It offers powerful hardware-rooted confidentiality and integrity security guarantees."
This innovative step in secure computing has recently become available to customers with the private preview of Intel TDX on Ubuntu 23.10. The preview supports customers on their journey toward confidential computing with Ubuntu on Intel TDX.
Further plans are afoot for extensive expansion into Ubuntu 24.04 LTS and beyond. Once customers acquire a 5th Gen Intel Xeon Scalable processor, they can easily deploy both an Ubuntu host for Intel TDX with the kernel, Libvirt, QEMU, and Trust Domain Virtual Firmware (TDVF), and an Ubuntu guest Intel TDX VM equipped with the necessary enlightened kernel, Shim, and GRUB.
This strategic alliance pledges further advancements in confidential computing, bridging the gap between limit-pushing silicon innovation and software ecosystem readiness.
With Ubuntu-based Intel TDX available on major public cloud providers like Microsoft Azure and Google Cloud, the development of a multi-cloud, hybrid confidential computing strategy with Ubuntu can begin today. The partnership invites feedback and questions from those who deploy the Ubuntu Intel TDX build, recognising the importance of collaboration in driving innovation and fortifying data security for the future.