Teams from Google Project Zero and Intel have taken a closer look at Intel Trust Domain Extensions (Intel TDX). The joint investigation led to the resolution of several security flaws in the Confidential Computing solution.
In a blog post, the two companies explain how they investigated Intel TDX. The solution enables companies to process sensitive data in a secure environment, through modules within the system memory. Confidential Computing means that the calculations are performed in a hardware-isolated environment, with encryption that the processor performs without the user being able to access it.
Cooperation
The collaboration was between Intel’s hardware developers and Google’s Project Zero team, a group of security analysts who identify zero-day vulnerabilities. The two parties maintained contact with an issue tracker and technical meetings. Intel provided Project Zero with extensive technical information, enabling the discovery of ten security vulnerabilities. In addition, Intel applied five defense-in-depth changes over a nine-month period. This method means that several security measures work together to provide extra security.
Intel hopes that this will ensure users do not have to worry about the security and reliability of their data. “We have a responsibility to make sure the technology is secure,” said Anil Rao, VP/GM Systems Architecture & Engineering at Intel.
Open source
In the spirit of transparency, Google supports Intel’s decision to open-source the firmware codebase behind the TDX hardware. This will help Google Cloud customers and the industry strengthen their security posture. Both parties want to propagate the benefits of cooperation by publishing this research. Intel is also accelerating its noname security software.
