ijlal-loutfi
on 12 December 2023

Ubuntu confidential VMs with Intel® TDX are now in public preview on Azure


The Canonical confidential computing team is excited to unveil the public preview of Ubuntu Confidential VMs with Intel® Trust Domain Extensions (Intel TDX) on Microsoft Azure, as part of the DCesv5 and ECesv5-series VMs. These VMs leverage the cutting-edge capabilities of 4th Gen Intel Xeon Scalable processors equipped with Intel TDX, and they are ready for you to explore right now. This marks a significant achievement in Ubuntu’s mission to drive the future of confidential public clouds.

Confidential computing threat model

Confidential computing aims to bring about a fundamental shift in the traditional threat model of public clouds. Traditionally, any vulnerability within the millions of lines of code in the cloud’s privileged system software (OS, hypervisor, firmware) would systematically compromise the confidentiality and integrity of your running code and data. The same could be said for any undue access to your VM and/or its platform by a malicious cloud administrator.

Ubuntu Confidential VMs (CVMs) are here to give you back control over the security guarantees of your VMs. They do this by allowing you to run your workload within a logically isolated hardware-rooted execution environment. 

Intel Trust Domain Extensions 

Intel® TDX carves out a portion of system memory that is encrypted at run-time by a new AES-128 encryption engine. It also adds new access control checks that mediate access to this memory and prevent external access to it, even from the cloud’s privileged system software.

Ubuntu confidential VMs

With this launch, Canonical Ubuntu Server 22.04 LTS also supports Full Disk Encryption. It also offers an extensive range of remote attestation solutions. These CVMs seamlessly integrate Microsoft Azure Attestation and incorporate Intel Trust Authority, catering to enterprises seeking operator-independent attestation.

In parallel, Microsoft Azure has also enriched Ubuntu CVMs with important integrity features, including boot-time attestation and confidential disk encryption with enterprise key management options for PMK (platform-managed key) and CMK (customer-managed key) using Managed HSM with FIPS 140-2 Level 3 validation. 

Last but not least, Ubuntu 22.04 confidential VMs also support ephemeral vTPMs and OS disks, a new feature where disks can be stored on the VM’s OS cache disk or the VM’s temp/resource disk, without needing to be saved to any remote Azure Storage, and where vTPMs generate fresh cryptographic material each time the VM boots up. This allows organisations to start building remote attestation protocols with reduced dependency on the underlying cloud infrastructure.

Try Ubuntu confidential VMs today

Intel TDX Ubuntu Confidential VMs on Azure are a key step towards building a strong foundation for a zero-trust security strategy in the cloud. Try Ubuntu Confidential VMs on Azure today and experience the future of cloud security. We’re excited to hear your feedback.
