Virtual Firmware for Intel® Trust Domain Extensions
2020-12-03, 21:45–22:15, Main Stage

Intel® Trust Domain Extensions (Intel® TDX) introduce architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.
This presentation introduces the architecture for TDX Virtual Firmware (TDVF), and the firmware reference implementation available in open source. The talk covers how TDVF runs from the TD reset vector, records runtime measurements, manages private memory, interacts with the Intel TDX module in Secure Arbitration Mode (SEAM), and loads the operating system (OS).

The audience will learn the role TDVF plays in setting up and protecting a TD and how Intel TDX establishes a chain of trust from reset vector to OS handoff.

Related Projects

tianocore, UEFI

See also: Presentation

Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He is the maintainer of tianocore/EDKII security package and crypto package.

This speaker also holds: