Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

on 12 December 2023

Ubuntu confidential VMs with Intel® TDX are now in public preview on Azure

The Canonical confidential computing team is excited to unveil the public preview of Ubuntu Confidential VMs with  Intel® Trust Domain Extensions (Intel TDX) on Microsoft Azure, as part of  the DCesv5 and ECesv5-series VMs. These VMs leverage the cutting-edge capabilities of 4th Gen Intel Xeon Scalable processors equipped with Intel TDX, and they are ready for you to explore right now. This marks a significant achievement in Ubuntu’s mission to drive the future of confidential public clouds.

Confidential computing threat model

Confidential computing aims to bring about a fundamental shift in the traditional threat model of public clouds. Traditionally,  any vulnerability within the millions of lines of code in the cloud’s privileged system software (OS, hypervisor, firmware) would systematically compromise the confidentiality and integrity of your running code and data. The same could be said for any undue access to your VM and/or its platform by a malicious cloud administrator. 

Ubuntu Confidential VMs (CVMs) are here to give you back control over the security guarantees of your VMs. They do this by allowing you to run your workload within a logically isolated hardware-rooted execution environment. 

Intel Trust Domain Extensions 

Intel® TDX  carves out a portion of system memory which is encrypted at run-time by a new AES-128 encryption engine, and by adding new access control checks that mediate access to this memory, and prevent external access to it even from the cloud’s privileged system software. 

Ubuntu confidential VMs

With this launch, Canonical Ubuntu Server 22.04 LTS also supports Full Disk Encryption. It also offers an extensive range of remote attestation solutions. These CVMs seamlessly integrate Microsoft Azure Attestation and incorporate Intel Trust Authority, catering to enterprises seeking operator-independent attestation.

In parallel, Microsoft Azure has also enriched Ubuntu CVMs with important integrity features, including boot-time attestation and confidential disk encryption with enterprise key management options for PMK (platform-managed key) and CMK (customer-managed key) using Managed HSM with FIPS 140-2 Level 3 validation. 

Last but not the least, Ubuntu 22.04 confidential VMs also support ephemeral vTPMs and OS disks, a new feature where disks can be stored on the VM’s OS cache disk or the VM’s temp/resource disk, without needing to be saved to any remote Azure Storage, and where  vTPMs  generate fresh cryptographic material each time the VM boots up. This allows organisations to start building remote attestation protocols with reduced dependency on the underlying cloud infrastructure.  

Try Ubuntu confidential VMs today

Intel TDX Ubuntu Confidential VMs on Azure is a key step towards building a strong foundation for a zero-trust security strategy in the cloud. Try Ubuntu Confidential VMs on Azure today and experience the future of cloud security. We’re excited to hear your feedback.

Other resources

Related posts

21 February 2024

Preview Confidential AI with Ubuntu Confidential VMs and NVIDIA H100 GPUs on Microsoft Azure

Confidential computing Confidential computing

Learn about Confidential AI preview on Azure with Ubuntu confidental VMs and Nvidia H100 GPUs, and explore how confidential computing in the cloud transforms AI security, ensuring utmost confidentiality and integrity for sensitive data and models. ...

19 December 2023

Ubuntu Confidential VMs on Azure: Introducing Ephemeral OS disks & vTPMs

Confidential computing Confidential computing

Canonical introduces ephemeral vTPMs for Ubuntu Confidential VMs on Azure, Strengthening remote attestation. Explore the evolution of confidential computing, the pivotal role of vTPMs, and Ubuntu’s solution that minimizes reliance on cloud infrastructure while ensuring comprehensive security within your VM’s software stack.” ...

14 December 2023

Canonical and Intel’s strategic collaboration brings you confidential computing with Intel® TDX on Ubuntu

Canonical announcements Article

Ensuring data security at run-time has long been an open computing challenge and a tough problem to solve. This gap arises because data must be decrypted in system memory for processing, even when it is stored encrypted. This exposes it to a large attack surface of threats posed by potentially malicious system software, such as ...