Intel has been a pioneer in Confidential Computing by introducing Software Guard Extensions – better known as SGX – as early as 2013. It continues this trend with the upcoming Trust Domain Extensions, or TDX. But when it comes to Intel SGX vs Intel TDX, what is the difference?
We first briefly explain Intel SGX – the technology, its state of progress, support and outlook. Next, we introduce TDX in the same way. Finally, we conclude with a comparison of the two technologies. Reading this article will help you understand when to use TDX or SGX, and how the two are related.
SGX was first publicly presented in a brief, 6-page workshop article called “Innovative instructions and software model for isolated execution”. It was accompanied by a companion article describing Intel’s approach to CPU-based attestation and sealing as used in the SGX implementation. Despite important microcode updates and a significant overhaul in SGX2, the fundamental architecture of SGX has remained the same. SGX is a process-based confidential computing environment: an application is split into an untrusted part and one or more enclaves, and only the code and data inside an enclave are protected. A core premise of SGX is that the security of that code and data relies only on the processor – its hardware and the microcode implementing the SGX features – and on the enclave code itself. Everything else remains untrusted – including the entire underlying operating system, the hypervisor, and other enclaves.
Once SGX became available in the wild, academic researchers and practitioners found dozens of vulnerabilities, many of them side-channel attacks that the original SGX threat model does not cover. Another aspect that slows adoption is that SGX has significant memory limitations (enclave memory comes from a reserved, encrypted region of limited size, and paging beyond it is expensive) and its own, peculiar programming model. This makes porting legacy software slow and error-prone. The future of SGX remains unclear – while it is still available on many server platforms, Intel has already announced that it will stop supporting SGX on consumer platforms.
TDX – or Trust Domain Extensions – is a more recent implementation of a confidential computing environment. Its approach builds on lessons learned from SGX and on the understanding that memory limitations and peculiar programming models are a poor fit for legacy, general-purpose applications that require additional isolation in the cloud. Instead, Intel TDX is a virtualisation-based confidential computing environment. In a nutshell, with TDX the entire virtual machine (a “trust domain”, or TD) is the isolated, confidential computing environment, the equivalent of an enclave in the SGX model. In this case, the security of code and data deployed in a TDX virtual machine depends on the guest operating system’s security, its correct configuration, and the security of the CPU and the underlying firmware, including the Intel TDX module. Everything else remains untrusted – including the hypervisor and its configuration.
Intel TDX reuses some elements of Intel SGX to perform the attestation of virtual machines launched as trust domains: the measurement report produced for a TD is turned into a signed quote by an SGX-based quoting enclave on the host. To strengthen isolation, TDX introduces a new processor mode, called SEAM (Secure Arbitration Mode): the Intel TDX module runs in SEAM root mode and the trust domains run under it in SEAM non-root mode, so the hypervisor can no longer read or modify guest memory and register state. Now that the entire virtual machine is a confidential computing environment, users can deploy legacy applications and run them without notable performance or memory limitations. The TDX architecture replicates some of the AMD SEV-SNP and IBM PEF features introduced earlier.
At the time of writing (July 2022), there is no publicly available hardware that supports TDX. However, Intel engineers are already in the last stages of adding TDX guest support to the Linux kernel; mainline support is expected in Linux v5.19 later this year. There is, however, no clear indication of upcoming hardware availability.
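A practical check that follows from the kernel support discussed above, as an added example that is not part of the article and not code from Intel or the Linux kernel: once a kernel advertises the feature, the quickest way to tell whether you are on an SGX-capable host or running inside a TDX trust domain is to look at the feature flags in /proc/cpuinfo. The flag names used here (“sgx” and “sgx_lc” for an SGX-capable host, “tdx_guest” inside a TD) are assumptions about what the Linux x86 cpufeatures table prints; the sample cpuinfo dumps are constructed for the example so it runs offline.

```python
"""Detect SGX / TDX-guest feature flags in a Linux /proc/cpuinfo dump.

Added example for this article; not Intel's or the kernel's own code.
Assumption: the flag spellings below ("sgx", "sgx_lc", "tdx_guest") are
the ones the Linux x86 cpufeatures table prints in /proc/cpuinfo.
"""
from pathlib import Path

# Feature flags of interest (assumed kernel spellings).
SGX_FLAGS = {"sgx", "sgx_lc"}
TDX_GUEST_FLAGS = {"tdx_guest"}


def parse_cpuinfo_flags(text: str) -> set[str]:
    """Return the union of all 'flags' entries in a /proc/cpuinfo dump."""
    flags: set[str] = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def classify(flags: set[str]) -> dict[str, bool]:
    """Classify the platform from its flags.

    'sgx'       : host exposes SGX enclaves (process-based CC).
    'sgx_lc'    : SGX Launch Control (flexible launch policy) available.
    'tdx_guest' : this kernel runs *inside* a TDX trust domain (VM-based
                  CC); the host itself does not carry this flag.
    """
    return {
        "sgx": "sgx" in flags,
        "sgx_lc": "sgx_lc" in flags,
        "tdx_guest": "tdx_guest" in flags,
    }


def describe(flags: set[str]) -> str:
    """Human-readable summary of which confidential-computing model applies."""
    c = classify(flags)
    if c["tdx_guest"]:
        return "running inside a TDX trust domain (whole-VM confidential computing)"
    if c["sgx"]:
        suffix = ", launch control available" if c["sgx_lc"] else ""
        return "SGX-capable host (process-based enclaves)" + suffix
    return "no SGX or TDX-guest feature flag visible"


# Constructed sample inputs (not captured from real machines).
SAMPLE_SGX_HOST = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep sgx sgx_lc aes avx2 sha_ni
processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep sgx sgx_lc aes avx2 sha_ni
"""

SAMPLE_TDX_GUEST = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep hypervisor tdx_guest aes avx2
"""

SAMPLE_PLAIN = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep aes avx2
"""

if __name__ == "__main__":
    samples = [("sgx-host", SAMPLE_SGX_HOST),
               ("tdx-guest", SAMPLE_TDX_GUEST),
               ("plain", SAMPLE_PLAIN)]
    for name, text in samples:
        print(f"{name:10s}: {describe(parse_cpuinfo_flags(text))}")
    live = Path("/proc/cpuinfo")  # real check when run on a Linux box
    if live.exists():
        print(f"{'this box':10s}: {describe(parse_cpuinfo_flags(live.read_text()))}")
```

Two caveats when using this on real machines: the kernel only advertises “sgx” when the feature is both present in the CPU and enabled in firmware, so a missing flag may mean SGX is disabled in the BIOS rather than unsupported; and the TDX flag is a guest-side indicator, so seeing nothing on a host says nothing about whether that host can launch trust domains.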
Conclusion: Intel SGX vs TDX
Both SGX and TDX fit into the paradigm of confidential computing. However, Intel TDX differs from SGX in several core ways. First, it is a virtualisation-based confidential computing environment, with far fewer performance and memory limitations. Second, TDX allows trivial deployment of legacy applications and does not require adapting them to a different programming model (as SGX does). Third, it offers stronger isolation from the hypervisor thanks to executing in a new processor mode. The price is a larger trusted computing base: with SGX only the enclave and the processor are trusted, whereas with TDX the entire guest operating system and its configuration are part of the TCB.