Teams from Google Project Zero and Intel have put Intel Trust Domain Extensions (Intel TDX) under the microscope. The joint investigation has resolved several security flaws of the Confidential Computing solution.
Via a blog post, the two companies reveal how they investigated Intel TDX. The solution should allow companies to process sensitive data in a secure environment. This is done via modules within system memory. Indeed, Confidential Computing means that calculations are performed in a hardware-isolated environment, with encryption performed by the processor without user access.
The collaboration occurred between Intel’s hardware developers and Google’s Project Zero team, a group of security analysts who detect zero-day vulnerabilities. With an issue tracker and technical meetings, the two parties maintained contact. Intel informed Project Zero of far-reaching technical information, which allowed for the discovery of 10 security vulnerabilities. In addition, Intel applied 5 “defence in depth” changes over a nine-month period. This methodology involves multiple security measures working together to provide additional security.
Intel hopes that, as a result, users will not have to worry about the security and reliability of their data. “We have a responsibility to make sure the technology is secure,” said Anil Rao, VP/GM systems architecture & engineering at Intel.
In the sign of transparency, Google supports Intel’s decision to open-source the firmware code-base behind its TDX hardware. In this way, the companies say they can help Google Cloud customers and the industry strengthen their security posture. Both sides say they want to spread the benefits of collaboration by releasing these research findings.