Intel’s new chips get big safety boost

/in


Intel and Google Cloud have just released a joint report detailing a months-long audit of a new security feature on Intel’s latest server chips: Trust Domain Extensions (TDX). The report is a result of a collaboration between security researchers from Google Cloud Security and Project Zero, and Intel engineers. It led to a number of pre-release security improvements for Intel’s new CPUs.

TDX is a feature of Intel’s 4th-generation “Sapphire Rapids” Xeon processors, though it will be available on more chips in the future. It’s designed to enable Confidential Computing on cloud infrastructure. The idea is that important computations are encrypted and performed on hardware that’s isolated from the regular computing environment. This means that the cloud service operator can’t spy on the computations being done, and makes it harder for hackers and other bad actors to intercept, modify, or otherwise interfere with the code as it runs. It basically makes it safe for companies to use cloud computing providers like Google Cloud and Amazon Web Services for processing their most important data, instead of having to operate their own secure servers.

However, for organizations to rely on features like TDX, they need some way to know that they’re genuinely secure. As we’ve seen in the past with the likes of Meltdown and Spectre, vulnerabilities at the processor level are incredibly hard to detect and mitigate for, and can allow bad actors an incredible degree of access to the system. A similar style of vulnerability in TDX, a supposedly secure processing environment, would be an absolute disaster for Intel, any cloud computing provider that used its Xeon chips, and their customers. That’s why Intel invited the Google security researchers to review TDX so closely. Google also collaborated with chipmaker AMD on a similar report last year.

According to Google Cloud’s blogpost announcing the report, “the primary goal of the security review was to provide assurances that the Intel TDX feature is secure, has no obvious defects, and works as expected so that it can be confidently used by both cloud customers and providers.” Secondarily, it was also an…

Source…