Fedora 43 Looking To Make It Easier To Deploy Intel TDX Confidential VMs
([Fedora] 2 Hours Ago
Better Intel TDX Support)
- Reference: 0001541112
- News link: https://www.phoronix.com/news/Fedora-43-Better-Intel-TDX
While [1]Fedora 42 was just released yesterday, Red Hat developers and the Fedora development community have already been busy thinking about [2]Fedora 43, which will debut this autumn. Among the early change proposals this week is one for better supporting Intel Trust Domain Extensions (TDX) with this next Fedora Linux release.
Intel TDX aims to provide a trusted execution environment (TEE) for deploying confidential virtual machines (VMs) that are protected from the host and from other VMs that may be sharing the same server. While [3]Intel TDX has been in preview form with select processors since Sapphire Rapids and then broadly supported since Emerald Rapids, the software support roll-out for it has been slow. [4]Some Intel TDX code is still working its way to the mainline kernel while other bits have landed well past the arrival of Emerald Rapids, Sierra Forest, and Granite Rapids processors. Then again, the AMD SEV-SNP support for confidential computing has been a long upstreaming process too.
Red Hat, though, is hoping that the Intel Trust Domain Extensions support will be in good enough shape by the end of the year that it can be a nicely supported feature of Fedora 43.
Some Intel TDX support is present in the newly-released Fedora 42 while for Fedora 43 the hope is to allow creating Intel TDX guests on Fedora hosts. This would place Intel TDX support on similar footing to the AMD SEV-SNP support in place since Fedora 41.
This Intel TDX support requires ensuring that the latest QEMU, libvirt, SELinux policy, virt-install, and Linux kernel are all good to go with Fedora 43.
Those wanting to learn more about the Intel TDX virtualization host plans for Fedora 43 can find out all the details via [5]this change proposal. The proposal still needs to be voted on by the Fedora Engineering and Steering Committee, but considering it's still early in the cycle, largely relies on already existing upstream code, and is for a shiny Intel feature, it will likely pass without any issue.
[1] https://www.phoronix.com/news/Fedora-42-Released
[2] https://www.phoronix.com/search/Fedora+43
[3] https://www.phoronix.com/search/Intel+TDX
[4] https://www.phoronix.com/news/Intel-TDX-For-KVM-Linux-6.16
[5] https://fedoraproject.org/wiki/Changes/ConfidentialVirtHostIntelTDX