What’s New:
-
Extend TDX-based Confidential AI solution to support configurable attestation service as needed.
The solution now supports 2 types attestation service: Alibaba Cloud attestation service and Trustee attestation service.
This solution demonstrates how to build a confidential AI inference service within a confidential virtual machines (CVM) using a suite of open-source frameworks and large language models (LLMs). It further illustrates how to integrate the Intel TDX based security measurement and remote attestation capabilities into LLM inference service, thereby establishing robust security authentication and privacy protected workflows for the LLM service. This approach ensures that both the model and the user data are managed securely, maintaining their integrity and protecting against unauthorized access throughout the entire service lifecycle.
Solution Link: Englist Version, Chinese Version -
Update TDX Memory dump demo - TDX Confidential Computing with Encrypted Memory protection for Application/Data in Runtime.
This demo primarily shows the memory encryption protection provided by TDVM at runtime.
In traditional virtual machines, memory dump attacks are a serious concern. A privileged user—such as a hypervisor, host administrator, or an attacker who has broken privilege control—can use tools like virsh or gdb to access the full memory of a virtual machine. Since legacy VM memory is stored in plaintext, sensitive data can be easily extracted from the dump.