Confidential Computing: Intel TDX Technical Analysis
Intel
Fan Du
Cloud Software Architect
Intel Confidential

MKTME (Multi Key TME)
[Diagram: Software, CPU, Cache, iMC, MKTME (AES-XTS), DRAM; Plain Text inside the CPU, Cipher Text in DRAM]
Key table (columns: Key Index, Key Material, Encrypt Mode):
  0: TME
  1: Encrypt
  N-1: No encrypt
Page Table: VA, PA, Key idx
- Repurpose the MSBs of the physical address as the key id
- Assign a key with the VA/PA mapping in the page table
- Introduce new ISA PCONFIG to configure keys
- ICX: 64 keys, SPR: 128 keys
PTE Entry: Key idx, PFN, Prot
- Initialized by OS page fault handler
- Initialized by PCONFIG

Preparation: Virtualization Basics
[Diagram: VMX Non-Root Mode (VCPU0, VCPU1, VCPU N); VMX Root Mode (CPU0, CPU1, CPU M); VMCS (Host state Area, Guest state Area, VM Execution Ctrl); Extended Page Table (EPT); Ring0: Guest Kernel; Ring3: Guest OS; Guest Physical Address; Ring0: Host KVM Module; Ring3: Qemu; Host Physical Memory]

Design goal of TDX
Trust Domain Extensions (TDX) extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) to build a kind of virtual machine called a Trusted Domain (TD). The TD's CPU state and memory are protected from the BIOS, host OS, devices and any other firmware unless explicitly shared by the TD.

TDX Trust Domain eXtension
Key table (columns: Key Index, Key Material, Encrypt Mode):
  0: TME
  1: Encrypt
  N-1: No encrypt
- Partition MKTME keys into shared keys and private keys.
- Introduce SEAM mode (SEcure Arbitration Mode)
- Limit private key usage
- Set up VM private mapping in secure EPT
- Intercept ISAs that cause VM_EXIT to the VMM
- Protect VM CPU state
[Diagram labels: Shared Keys, Private Keys]

TDX Modes Transitions
[Diagram: VMXON, VMXOFF, Default, Host VMM, Legacy VM, TD VM, TDX Module, VM Entry, VM Exit, VM Entry, VM Exit, Out of VMX, VMX Root, VMX Non-Root, SEAM Mode, Non-SEAM Mode, MKTME Private Key, MKTME Shared Key, MKTME Shared Key, SEAMCALL, SEAMRET]

TDX Migration Architecture

TDX C
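
Added example, not part of the original slides: a C model of the MKTME slide's "key id in the MSBs of the physical address" scheme together with the TDX slide's shared/private key partition. The 52-bit address width, the 6 KeyID bits (64 keys, the ICX figure), the private range starting at KeyID 32, and all function names are assumptions chosen for illustration; real values are platform configuration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (illustrative, not from the slides): 52-bit physical
 * address, top 6 bits repurposed as KeyID, KeyIDs 32..63 are TDX private. */
#define PA_BITS       52
#define KEYID_BITS    6
#define KEYID_SHIFT   (PA_BITS - KEYID_BITS)
#define KEYID_MASK    (((1ULL << KEYID_BITS) - 1) << KEYID_SHIFT)
#define FIRST_PRIVATE 32u

enum key_class { KEY_TME, KEY_SHARED, KEY_PRIVATE };

/* Place a KeyID in the repurposed upper physical-address bits. */
uint64_t pa_with_keyid(uint64_t pa, unsigned keyid)
{
    return (pa & ~KEYID_MASK) | ((uint64_t)keyid << KEYID_SHIFT);
}

/* Recover the KeyID the memory controller would select a key with. */
unsigned pa_keyid(uint64_t pa)
{
    return (unsigned)((pa & KEYID_MASK) >> KEYID_SHIFT);
}

/* Recover the DRAM address with the KeyID bits cleared. */
uint64_t pa_strip(uint64_t pa) { return pa & ~KEYID_MASK; }

/* Key index 0 is the platform TME key, as in the slides' key table. */
enum key_class classify(unsigned keyid)
{
    if (keyid == 0) return KEY_TME;
    return keyid >= FIRST_PRIVATE ? KEY_PRIVATE : KEY_SHARED;
}

/* Simplified rule from the mode-transition slide: private keys are
 * usable only in SEAM mode. Returns 1 if the access is allowed. */
int access_allowed(uint64_t pa, int in_seam_mode)
{
    return classify(pa_keyid(pa)) != KEY_PRIVATE || in_seam_mode;
}

int main(void)
{
    uint64_t dram = 0x12345000ULL;            /* constructed sample address */
    uint64_t td   = pa_with_keyid(dram, 40);  /* private KeyID */
    printf("td pa=%#llx keyid=%u host access=%d seam access=%d\n",
           (unsigned long long)td, pa_keyid(td),
           access_allowed(td, 0), access_allowed(td, 1));
    return 0;
}
```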