Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

ijlal-loutfi
on 25 April 2023

Try Ubuntu confidential VMs with Intel TDX today: limited preview now available on Azure


On behalf of the Canonical confidential computing team, I am happy to announce the limited preview of Ubuntu Confidential VMs with Intel TDX on Microsoft Azure. As part of the DCev5-series and ECesv5-series VMs, they’re available for you to try today! This exciting development is an important milestone in Ubuntu’s journey to power the confidential public cloud of the future.

Confidential computing threat model

With cloud technology enabling faster and more flexible infrastructure deployment than ever before, security challenges have also become more complex. Traditionally, any vulnerability within the millions of lines of code in the cloud’s privileged system software (such as the operating system, hypervisor, and firmware) would compromise the confidentiality and integrity of the running code and data. Similarly, a malicious cloud administrator could potentially access the VM or its platform, compromising the security of your data. 

Intel Trust domain extensions – TDX

Confidential computing represents a fundamental shift to the threat model of the public clouds .As such, Intel TDX, which comes with the new 4th Generation Intel Xeon CPUs, allows you to run your workload within a logically isolated hardware-rooted execution environment. This is achieved by TDX carving out a portion of system memory which is encrypted at run-time by a new AES-128 encryption engine, and by adding new access control checks that mediate access to this memory, and prevent external access to it even from the cloud’s privileged system software. 

To verify the security claims of confidential VMs, native support for attestation with Microsoft Azure Attestation will also  be available in the future. This will provide a hardware-rooted cryptographic proof, including a measurement/hash that attests to the integrity of the software loaded into the TEE, and a cryptographic signature that attests to the authenticity of the cloud’s TEE hardware.

Try Ubuntu confidential VMs today

Intel TDX Ubuntu Confidential VMs on Azure is a key step towards building a strong foundation for a zero-trust security strategy in the cloud. Try Ubuntu Confidential VMs on Azure today and experience the future of cloud security. We’re excited to hear your feedback!

Be sure to check out the following helpful links:

Related posts


ijlal-loutfi
21 February 2024

Preview Confidential AI with Ubuntu Confidential VMs and NVIDIA H100 GPUs on Microsoft Azure

Confidential computing Confidential computing

Learn about Confidential AI preview on Azure with Ubuntu confidental VMs and Nvidia H100 GPUs, and explore how confidential computing in the cloud transforms AI security, ensuring utmost confidentiality and integrity for sensitive data and models. ...


ijlal-loutfi
19 December 2023

Ubuntu Confidential VMs on Azure: Introducing Ephemeral OS disks & vTPMs

Confidential computing Confidential computing

Canonical introduces ephemeral vTPMs for Ubuntu Confidential VMs on Azure, Strengthening remote attestation. Explore the evolution of confidential computing, the pivotal role of vTPMs, and Ubuntu’s solution that minimizes reliance on cloud infrastructure while ensuring comprehensive security within your VM’s software stack.” ...


Canonical
14 December 2023

Canonical and Intel’s strategic collaboration brings you confidential computing with Intel® TDX on Ubuntu

Canonical announcements Article

Ensuring data security at run-time has long been an open computing challenge and a tough problem to solve. This gap arises because data must be decrypted in system memory for processing, even when it is stored encrypted. This exposes it to a large attack surface of threats posed by potentially malicious system software, such as ...