CanaryBit has played a pivotal role in enabling AMD SEV-SNP support in Proxmox VE 8.4 early this year. Now, it has strengthened confidential computing capabilities for virtualized environments even further by enabling support for Intel TDX in the Proxmox VE 9.1 release.
Introduction
The release of Proxmox VE 9.1 marks a significant milestone in virtualization technology. Among its many enhancements, such as support for OCI-based LXC containers, TPM state in qcow2, and improved SDN reporting, the inclusion of Intel Trust Domain Extensions (TDX) stands out as a breakthrough for secure cloud and edge deployments. CanaryBit has been instrumental in ensuring that Intel TDX is fully supported in this release.
What is Intel TDX?
Intel TDX is a hardware-based security technology designed to protect virtual machines from unauthorized access, even from privileged system software such as hypervisors. It introduces the concept of Trust Domains (TDs), which isolate VMs at the hardware level, ensuring:
- Confidentiality: VM memory is encrypted and inaccessible to the host.
- Integrity: Unauthorized modifications are prevented.
- Attestation: Remote parties can verify the trustworthiness of the VM environment.
This makes TDX particularly valuable for enterprises handling sensitive workloads, regulated industries, and multi-tenant cloud environments.
CanaryBit’s Contribution
CanaryBit has been actively working on confidential computing frameworks and enabling secure collaboration across organizations. By contributing to the integration of Intel TDX in Proxmox VE 9.1, CanaryBit ensures that:
- Proxmox users can deploy confidential VMs with hardware-backed isolation.
- Compliance requirements (such as GDPR and financial regulations) are easier to meet thanks to stronger guarantees of data protection.
- Cost efficiency is maintained, as Proxmox remains an open-source platform with enterprise-grade features.
This aligns with CanaryBit’s mission of making confidential computing accessible and practical for real-world deployments.
Why It Matters
The combination of Proxmox VE 9.1 and Intel TDX support represents a leap forward in secure virtualization:
- Enterprises can confidently move sensitive workloads to Proxmox without sacrificing control or compliance.
- Cloud providers can offer confidential VMs as a service, differentiating themselves in a competitive market.
- Researchers and innovators gain a trusted platform for secure multi-party computation and data collaboration.
Looking Ahead
With CanaryBit’s involvement, Proxmox VE 9.1 is now positioned as one of the most security-forward open-source virtualization platforms. As confidential computing adoption grows, we can expect further enhancements, such as broader ecosystem support, improved attestation workflows, and tighter integration with compliance frameworks.
CanaryBit’s enablement of Intel TDX in Proxmox VE 9.1 is a game-changer for confidential computing, empowering organizations to run sensitive workloads with unprecedented levels of trust and security.
