2.1

Overview

This release adds new features and bug fixes for IntelⓇ Trust Domain Extensions (TDX) on Ubuntu 24.04.

To install this release, you can either do it on a freshly installed 24.04 system or on your existing setup.

TDX Components

• Kernel:
  • Version: 6.8.0-1010-intel
  • Add host kexec / kdump support
  • Fix TDMR reserved areas that may exceed the limit of 16 which can result in TDX module initialization failure
  • Source link
• QEMU:
  • Version: 8.2.2
  • Updated to 8.2.2 to be in sync with Ubuntu 24.04 mainline QEMU
• Libvirt:
  • Version: 10.0.0
  • Add support for “Quote-Generation-Service” option
• OVMF/EDK2:
  • Version: 2024.02
  • Add SecureBoot support for TDs
• Remote attestation components:
  • Intel DCAP 1.21 - Refer to upstream source for more details
  • Intel Trust Authority Client 1.5.0 - Refer to upstream source for more details

Project Tools and Support

• Change the project license to GPLv3 (#110)
• Remove support for the package tdx-tools
• Move remote attestation packages into a separate PPA to avoid conflicts with Intel’s upstream SGX/DCAP (#158)
• Add system-report.sh script to collect system’s TDX readiness status to help with debugging (#188)
• Minor bug fixes and enhancements for various shell scripts

Known Issues/Current Limitations:

• Nested virtualization is not supported (#200)
• TD doesn't support more than 1 socket/die CPU topology
• Drop of performance if TD’s RAM is not 2M aligned for Transparent Huge Page
• PMU (Performance Monitoring Unit) is currently not supported and it is disabled by default. (#182)
• Graphics support is disabled (graphic and remote access like VNC are all not supported). (#202)
• I/O device pass-through is not fully supported (#137)
• Guest Kexec is currently not supported (#204)