---
myst:
  html_meta:
    description: Enable Intel TDX confidential computing on Ubuntu to run encrypted Trust Domain VMs with memory and CPU state protection from the host.
---

(intel-tdx)=
# Confidential Computing with Intel Trust Domain Extensions (TDX)

[Intel TDX](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html) is a Confidential Computing technology. It deploys hardware-isolated Virtual Machines (VMs) called Trust Domains (TDs), and protects them from a broad range of software attacks by isolating them from the Virtual Machine Manager (VMM), hypervisor, and other non-TD software on the host platform. This enhances a platform user's control of data security and IP protection. It also enhances a Cloud Service Providers' (CSP) ability to provide managed cloud services without exposing tenant data to adversaries.

Ubuntu supports Intel TDX for both host and guest operating systems. Guest support is available from Ubuntu 24.04 LTS onwards, while host support begins with Ubuntu 25.10.

(tdx-supported-hardware)=
## Supported hardware

This table lists Intel Xeon processors that support Intel TDX:

| Processor | Code Name | TDX Module Version |
| - | - | - |
| 4th Gen Intel Xeon Scalable Processors (select SKUs with Intel TDX) | Sapphire Rapids | 1.5.x |
| 5th Gen Intel Xeon Scalable Processors | Emerald Rapids | 1.5.x |
| Intel Xeon 6 Processors with E-Cores | Sierra Forest | 1.5.x |
| Intel Xeon 6 Processors with P-Cores | Granite Rapids | 2.0.x |

## Configure host

To enable Intel TDX on the host, BIOS and host OS configurations are required.
First, enable Intel TDX settings in the BIOS.

:::{note}
The following is a sample BIOS configuration. The necessary BIOS settings or menus may differ based on the platform used. Reach out to your OEM/ODM or independent BIOS vendor for platform-specific instructions.
:::

Navigate to {menuselection}`Socket Configuration --> Processor Configuration --> TME, TME-MT, TDX` and configure:

* Set `Memory Encryption (TME)` to `Enable`
* Set `Total Memory Encryption Bypass` to `Enable` (optional setting for best host OS and regular VM performance)
* Set `Total Memory Encryption Multi-Tenant (TME-MT)` to `Enable`
* Set `TME-MT memory integrity` to `Disable`
* Set `Trust Domain Extension (TDX)` to `Enable`
* Set `TDX Secure Arbitration Mode Loader (SEAM Loader)` to `Enable` (allows loading Intel TDX Loader and Intel TDX Module from the ESP or BIOS)
* Set `TME-MT/TDX key split` to a non-zero value

Navigate to {menuselection}`Socket Configuration --> Processor Configuration --> Software Guard Extension (SGX)` and configure:

* Set `SW Guard Extensions (SGX)` to `Enable`

Save the BIOS settings and reboot. 

Now, add the `nohibernate kvm_intel.tdx=1` kernel parameters to `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, run `sudo update-grub`, and then reboot again.
After rebooting, verify that the parameters have been applied:

```bash
cat /proc/cmdline 
```

You should see something like:

```text
BOOT_IMAGE=/boot/vmlinuz-6.19.0-3-generic root=UUID=f6ce4201-d6d1-4505-bdf5-019ee4fe842e ro nohibernate kvm_intel.tdx=1
```

Next, confirm that Intel TDX has been successfully enabled:

```bash
sudo dmesg | grep -i tdx
```

Which produces output like this:

```text
[    1.824045] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[    1.824049] virt/tdx: Disable ACPI S3. Turn off Intel TDX in the BIOS to use ACPI S3.
[   24.195089] virt/tdx: 1050644 KB allocated for PAMT
[   24.195098] virt/tdx: module initialized
```

The message `virt/tdx: module initialized` tells us that TDX has indeed been enabled.
 
## Install virtualization stack

The next step is to install the virtualization components required to run TDs.

```bash
sudo apt update
sudo apt install \
  qemu-system-x86 \
  ovmf-inteltdx \
  libvirt-daemon-system \
  libvirt-clients
```

This installs:

* `qemu-system-x86` - QEMU emulator for x86_64 with Intel TDX support
* `ovmf-inteltdx` - EDK II UEFI firmware with Intel TDX-capable OVMF builds
* `libvirt-daemon-system` - Libvirt daemon for managing VMs
* `libvirt-clients` - Command-line tools for libvirt (virsh, etc.)

After installation, verify the Intel TDX-capable OVMF firmware is available:

```bash
$ ls -l /usr/share/ovmf/OVMF.inteltdx.ms.fd

-rw-r--r-- 1 root root 4194304 Jan 15 12:00 /usr/share/ovmf/OVMF.inteltdx.ms.fd
```

## Create a guest image

Download a cloud image (Ubuntu 26.04 LTS in this example):

```bash
wget https://cloud-images.ubuntu.com/resolute/current/resolute-server-cloudimg-amd64.img
```

Next, install the required tool:

```bash
sudo apt install cloud-image-utils
```

Create a cloud-init configuration file:

```bash
cat > user-data.yaml << 'EOF'
#cloud-config
chpasswd:
  list: |
    root:root
  expire: False
ssh_pwauth: True
disable_root: false
EOF
```

From that, create a cloud-init ISO:

```bash
cloud-localds user-data.img user-data.yaml
```

The `user-data.img` will be attached to the VM to apply the configuration.

:::{note}
For production use, set a strong password and configure SSH key-based authentication instead of password authentication.
:::

## Launch a TD guest using QEMU

Using QEMU, we can now launch a TD with the prepared image:

```bash
qemu-system-x86_64 \
  -accel kvm \
  -smp 32 \
  -m 16G \
  -cpu host \
  -object '{"qom-type":"tdx-guest","id":"tdx","quote-generation-socket":{"type": "vsock", "cid":"2","port":"4050"}}' \
  -object memory-backend-ram,id=mem0,size=16G \
  -machine q35,kernel_irqchip=split,confidential-guest-support=tdx,memory-backend=mem0 \
  -bios /usr/share/ovmf/OVMF.inteltdx.ms.fd \
  -nographic \
  -nodefaults \
  -vga none \
  -drive file=resolute-server-cloudimg-amd64.img,if=none,id=virtio-disk0 \
  -device virtio-blk-pci,drive=virtio-disk0 \
  -drive file=user-data.img,if=none,id=cloud-init,format=raw \
  -device virtio-blk-pci,drive=cloud-init \
  -serial stdio
```

Key Intel TDX-specific parameters:

* `-object '{"qom-type":"tdx-guest","id":"tdx",...}'`: Creates the TDX guest object that enables confidential computing capabilities. The `quote-generation-socket` configures the vsock channel (CID 2, port 4050) for remote attestation quote generation.
* `-machine q35,kernel_irqchip=split,confidential-guest-support=tdx,memory-backend=mem0`: 
  - `kernel_irqchip=split`: Required for Intel TDX to properly isolate interrupt handling between host and guest
  - `confidential-guest-support=tdx`: Links the machine to the Intel TDX guest object
  - `memory-backend=mem0`: Associates the machine with the Intel TDX-protected memory backend
* `-object memory-backend-ram,id=mem0,size=16G`: Defines the memory backend that will be encrypted by Intel TDX
* `-bios /usr/share/ovmf/OVMF.inteltdx.ms.fd`: Specifies the Intel TDX-capable UEFI firmware with Microsoft Secure Boot keys
* `-cpu host`: Uses the host CPU model to expose Intel TDX capabilities to the guest

For more details about these parameters, refer to the [QEMU documentation](https://www.qemu.org/docs/master/system/i386/tdx.html).

## Verify Intel TDX enablement in the guest

Once the TD is launched, verify that Intel TDX is enabled by checking the kernel logs:

```bash
sudo dmesg | grep tdx
```

You should see something like:

```text
[    0.000000] tdx: Guest detected
[   11.162378] systemd[1]: Detected confidential virtualization tdx.
```

You can also check the Intel TDX guest device:

```bash
$ ls -l /dev/tdx_guest

crw------- 1 root root 10, 125 Jan  1 00:00 /dev/tdx_guest
```

## Launch a TDX VM with libvirt

Intel TDX VM can be managed by libvirt. For this, the domain definition must be modified to contain
certain necessary information about the confidential VM. Here is a domain definition sample for Intel TDX VM:

```bash
cat > tdx-vm.xml << 'EOF'
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>tdx-guest</name>
  <memory unit='GiB'>16</memory>
  <memoryBacking>
    <source type="anonymous"/>
    <access mode="private"/>
  </memoryBacking>
  <vcpu placement="static">16</vcpu>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
    <loader type='rom' readonly='yes'>/usr/share/ovmf/OVMF.inteltdx.ms.fd</loader>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <ioapic driver='qemu'/>
  </features>
  <clock offset='utc'>
    <timer name='hpet' present='no'/>
  </clock>
  <cpu mode='host-passthrough'>
    <topology sockets='1' cores='16' threads='1'/>
  </cpu>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2"/>
      <source file="/var/lib/libvirt/images/resolute-server-cloudimg-amd64.img"/>
      <target dev="vda" bus="virtio"/>
    </disk>
    <console type='pty'>
      <target type='virtio' port='1'/>
    </console>
  </devices>
  <launchSecurity type='tdx'>
    <policy>0x10000000</policy>
    <quoteGenerationService>
      <SocketAddress type='vsock' cid='2' port='4050'/>
    </quoteGenerationService>
  </launchSecurity>
</domain>
EOF
```

Next, define the VM:
```bash
sudo virsh define tdx-vm.xml
```

Start the VM:
```bash
sudo virsh start tdx-guest
```

Connect to the console:
```bash
sudo virsh console tdx-guest
```

Key libvirt configuration elements for TDX:

* `<launchSecurity type='tdx'>`: Enables TDX confidential computing for the VM
* `<policy>0x10000001</policy>`: TDX policy controlling debug and other TD features
* `<quote-generation-service>`: Configures the vsock channel for remote attestation
* `<memoryBacking>`: Uses shared memory with `memfd` backend required for TDX
* `<loader>`: Specifies the TDX-capable OVMF firmware

## Manage the VM

List all VMs:

```bash
sudo virsh list --all
```

Stop the VM:

```bash
sudo virsh shutdown tdx-guest
```

Force stop the VM:

```bash
sudo virsh destroy tdx-guest
```

Remove the VM definition:

```bash
sudo virsh undefine tdx-guest
```

## Troubleshooting Intel TDX

**Intel TDX is not enabled on the host**

Ensure BIOS settings are correct and kernel parameters are enabled. 
Confirm the following MSR checks.

* Install the MSR tools package:
  ```bash
  sudo apt install msr-tools
  ```

* Verify that Multi-Key Total Memory Encryption (MK-TME) is enabled by checking bit 1 of MSR `0x982`:
  ```bash
  sudo rdmsr 0x982 -f 1:1 1
  ``` 
  Expected value of `1` indicates MK-TME is enabled in BIOS.

* Verify Intel TDX support by checking bit 11 of MSR `0x1401` (enable bit for `SEAMRR`--`SEAM` Range Registers): 
  ```bash
  sudo rdmsr 0x1401 -f 11:11 1
  ```
  Expected value of `1` indicates SEAMRR is enabled.  

* Verify the number of private keys allocated to TDs by checking bits `63:32` of `IA32_TME_CAPABILITY` MSR: 
  ```bash
  echo $((0x$(sudo rdmsr 0x87 -f 63:32)))
  ```
  This shows the number of private keys available for Trust Domains (`NUM_TDX_PRIV_KEYS`) in decimal format. A non-zero value indicates keys are allocated for Intel TDX.  

* Verify the number of private keys allocated to TDs by checking bits `63:32` of `IA32_TME_CAPABILITY` MSR:
  ```bash
  echo $((0x$(sudo rdmsr 0x87 -f 63:32)))
  ```
  This shows the number of private keys available for Trust Domains (`NUM_TDX_PRIV_KEYS`) in decimal format. A non-zero value indicates keys are allocated for Intel TDX.

* Verify the Intel SGX and MCHECK status.  
  ```bash
  sudo rdmsr 0xa0
  ```
  Expected value of `1` indicates it is enabled. A value of `1861` indicates SGX registration UEFI variables maybe corrupt. Boot into the BIOS and set `SGX Factory Reset` to `Enable`. This will result in two new keys. 


**`sudo dmesg | grep -i tdx` shows `virt/tdx: module initialization failed (-5)`**

You may have an old and unsupported Intel TDX Module. Try [updating to the latest Intel TDX Module](https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/04/hardware_setup/#deploy-specific-intel-tdx-module-version).

```{note}
If you chose to "Update Intel TDX Module via Binary Deployment", make sure you're using the correct Intel TDX Module version for your hardware. See the {ref}`Supported hardware <tdx-supported-hardware>` table.
```

**I rebooted my TD, but it shuts down instead**

Legacy (non-TDX) guests support reboot by resetting vCPU context. However, TD guests do not allow it for security reasons. You must power it down and boot it up again.