
Cloud Hypervisor 46 Deprecates SGX Support, Google To Take Over TDX Maintenance

([Virtualization] 12 Minutes Ago Cloud Hypervisor 46)


While the open-source, Rust-based Cloud Hypervisor project was started by Intel as a modern, security-focused VMM for cloud workloads, support for some Intel CPU features is now bit-rotting. As a result, the new Cloud Hypervisor 46 release has deprecated support for Intel Software Guard Extensions (SGX), and even the more modern Trust Domain Extensions (TDX) feature is in jeopardy, though Google engineers are now set to take over that code.

Cloud Hypervisor 46 has deprecated Intel Software Guard Extensions (SGX) support even though this security feature is still found in the newest Xeon processors. The future of SGX, and in turn of the Trust Domain Extensions feature, was recently [1]brought up within the Cloud Hypervisor project:

"We no longer have an SGX builder and we never had any TDX automation available. We need to consider if we should continue to keep code that we cannot test (in the case of SGX) and probably has bitrotted (in the case of TDX.)

I would propose 2 cycles of deprecation warnings before removal if we don't get anybody speaking up to maintain this."

Given that Intel started Cloud Hypervisor and originally led the project, it is rather embarrassing that two notable Intel security features would be removed. Following layoffs at Intel and other happenings, the company's contributions to Cloud Hypervisor have sharply decreased. For now, though, it was decided to just deprecate the SGX support. Google engineers have expressed interest in taking over the TDX feature code for Cloud Hypervisor.

In addition to deprecating Intel SGX support ahead of its removal in Cloud Hypervisor 48, the Cloud Hypervisor 46 release also adds file-locking support for disk images, improved error reporting during VM resizing, IPv6 address support with the --net argument, experimental AArch64 support with the MSHV hypervisor, and various bug fixes.

Cloud Hypervisor 46 downloads and more are available at [2]GitHub.



[1] https://github.com/cloud-hypervisor/cloud-hypervisor/issues/6960

[2] https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v46.0



phoronix
