Canonical and Intel have announced that they are collaborating to enable customers to take advantage of Confidential Computing, which is a practice that protects data that is in use.
To support this practice, Intel recently introduced Intel Trust Domain Extensions (TDX), which is a hardware-based trusted execution environment (TEE) that allows hardware-isolated virtual machines, or trust domains, to be deployed.
According to Canonical, taking advantage of this new hardware requires that the software stack be upgraded too, which is what led to the partnership between the two companies.
In Ubuntu 23.10, there is a private preview for Intel TDX for customers with a 5th Gen Intel Xeon Scalable processor. The preview will enable customers to start taking advantage of Intel TDX, It also lays the foundation for more capabilities to find their way into future versions of Ubuntu. It is expected to be fully integrated into Ubuntu 24.04 images.
Currently, Canonical is providing scripts for customers to help set up Intel TDX on Ubuntu. The company is also working on adding a remote attestation capability, which should be available later this month. Canonical is leading first line support for the new capabilities, while Intel is providing second line support.
“This strategic collaboration effort between Canonical and Intel marks a significant commitment to advancing confidential computing. Beyond the immediate benefits of Intel TDX, this partnership seeks to bridge the ever-growing gap between cutting-edge silicon innovation and the software ecosystem’s ability to keep pace. Organisations can now confidently embrace the full potential of Intel TDX, ensuring a secure and optimised experience for end-users,” Canonical wrote in a blog post.
Mark Skarpness, vice president and general manager of System Software Engineering at Intel, added: “Intel has a well-established and collaborative relationship with Canonical, and we work closely to enable our security capabilities within the Ubuntu operating environment. Through our collaboration, Canonical now offers an Intel-optimised version of their enterprise distributions that incorporates all the latest Intel TDX architectural elements and innovations in 5th Gen Xeon Scalable processors. This will provide customers with the confidence that their most sensitive data is more secure, while also helping maintain privacy and promote compliance.”