Intel SGX vs TDX: what is the difference?

27 July 2022

Intel has been a pioneer in Confidential Computing by introducing Software Guard Extensions – better known as SGX – as early as 2013. It continues this trend with the upcoming Trusted Domain Extensions or TDX. But when it comes to Intel SGX vs Intel TDX, what is the difference?

We first briefly explain Intel SGX – the technology, state of progress, support and outlook. Next, we move on to TDX to introduce it too. Finally, we will conclude with a comparison of the two technologies. Reading this article will help you understand when you should use TDX or SGX, and how the two are related.

Intel SGX

SGX was first publicly presented in a brief, 6-page workshop article called “Innovative instructions and software model for isolated execution”. The was accompanied by a complement article describing Intel’s approach to CPU-based attestation and sealing used in the SGX implementation. Despite important firmware upgrades and a significant overhaul in SGX II, the fundamental architecture of SGX remained the same. SGX is a process-based confidential computing environment. A core premise of SGX is that the security of the code and data deployed in an enclave relies on the security of the firmware and microcode implementing the SGX features. The rest remains untrusted – including the entire underlying operating system and other enclaves.

Once SGX became available in the wild, academic researchers and practitioners managed to find dozens of vulnerabilities. Another aspect that slows down adoption is that SGX has important memory limitations and its own, peculiar programming model. This makes porting legacy software slow and error-prone. The future of SGX remains unclear – while it is still available on many server platforms, Intel has already announced that it will stop supporting SGX on consumer platforms.

Intel TDX

TDX – or Trusted Domain Extensions – is a more recent implementation of a confidential computing environment. Its approach builds on lessons learned from SGX and the understanding that memory limitations and peculiar programming models do not bode well with legacy, general-purpose computing applications that require additional isolation in the cloud. Instead, Intel TDX is a virtualisation-based confidential computing environment. In a nutshell, with TDX the entire virtual machine is an isolated, confidential computing environment, equivalent to an enclave in the SGX model. In this case, the security of code and data deployed in a TDX virtual machine depends on the virtualised operating system’s security, its correct configuration and the security of the underlying firmware. The rest remains untrusted – including the virtualisation layer and its configuration.

Intel TDX reuses some elements of Intel SGX to perform the security attestation of virtual machine images launched in the TDX domain. To strengthen isolation, TDX virtual machines execute is a new processor mode, called SEAM. Now that the entire virtual machine is a confidential computing environment, users can deploy legacy applications and run them without notable performance or memory limitations. The TDX architecture replicates some of the AMD SEV-SNP and IBM PEF features introduced earlier. Recently, we compared four leading confidential computing architectures for enterprise platforms and published our findings. You can reach out to us for guidance in choosing the right confidential computing hardware to support your use case.

At the time of writing (July 2022), there is no publicly available hardware the TDX support. However, Intel engineers are already in the last stages of adding support for TDX features in the Linux kernel. Mainline Linux kernel support is expected in Linux v5.19 later this year. There is, however, no clear indication of upcoming hardware availability.


Hardware with SGX features is still widely available, though being deprecated from the 11th and 12th generation Intel Core Processors. SGX enclaves have been used in several applications, notably to enable Signal’s private contact discovery feature. On the other hand, shipments of TDX hardware are just rolling in to the long tail of cloud service providers (as of Q1 2024) and we are not aware of publicly known applications of the TDX technology in the wild. In several case studies we describe how Canary Bit used the similar AMD SEV-SNP technology to solve customer challenges around cloud infrastructure security and confidential AI.

Conclusion: Intel SGX vs TDX

Both SGX and TDX fit into the paradigm of confidential computing. However, Intel TDX is very different from SGX in several core ways. First, it is a virtualisation-based confidential computing environment, with fewer performance and memory limitations. Second, TDX allows trivial (lift-and-shift) deployment of legacy applications and does not require changing the programming model (as does SGX). Third, it features a better isolation thanks to executing in a new processor mode.

Reach out to us for help with your data protection and compliance challenges.

Get Started!

Explore how Confidential Cloud helps to secure your cloud infrastructure, protect your data from any AI workload and in turn, enable new business.



CanaryBit joins NVIDIA Inception Program for secure AI

CanaryBit joins NVIDIA Inception Program for secure AI

The solutions developed by CanaryBit have since its inception aimed to provide end-to-end data protection and governance solutions for confidential and secure AI processing, enabling B2B collaborations and compliance with data protection regulations. Today, we are...

CanaryBit joins ABB ‘s innovation growth hub SynerLeap

CanaryBit joins ABB ‘s innovation growth hub SynerLeap

CanaryBit has become a member of Synerleap, ABB's innovation growth hub. Synerleap aims to create an ecosystem where ABB can utilize and enable technology companies to grow and expand on a global market in its business areas including industrial automation, robotics...