Google Cloud and Intel have unveiled the results of a comprehensive nine-month audit of Intel’s new hardware security product: Trust Domain Extensions (TDX). This review involved a thorough inspection of the core Intel TDX software components, as well as an evaluation of the design and documentation provided by Intel. Each major area of TDX was examined to identify defects and weaknesses that could potentially compromise the security and availability of a deployed virtual machine. The analysis uncovered ten confirmed vulnerabilities, including two significant ones flagged by researchers at both companies. In response, five proactive changes were made to further fortify TDX’s defenses.
It’s worth noting that all of the review and fixes were completed well before the production of Intel’s fourth-generation Intel Xeon processors, popularly known as “Sapphire Rapids,” which incorporate TDX. Sapphire Rapids’ high-performance architecture makes it an ideal option for demanding server workloads such as High-Performance Computing (HPC), Artificial Intelligence (AI), Networking, 5G Radio Area Networks (RANs), Data Encryption and Security, and others that call for exceptional processing power.
Google Cloud Security and Google’s Project Zero bug-hunting team joined forces with Intel engineers to conduct a thorough assessment of Sapphire Rapids. The initiative is part of Google Cloud’s Confidential Computing program, a suite of technical capabilities designed to keep customers’ data encrypted at all times, while ensuring they have full access controls.
This audit comes after years of Google Cloud focusing on its Confidential Computing offerings, which aim to keep customer data secure, even during processing. Processor design and implementation flaws pose a significant risk, as they can turn commonly used chips into single points of failure in computers, servers, and other devices where they’re installed. Hackers who exploit a security chip flaw can potentially gain undetectable control and compromise the entire system from its very foundation.
Google Cloud worked with AMD on a similar audit last year and leaned on the longtime trusted relationship between Intel and Google to launch the initiative for TDX. The goal is to help chipmakers find and fix vulnerabilities before they create potential exposure for Google Cloud customers or anyone else.