Host OS Setup
This page describes how to configure an Intel TDX-enabled host OS. We assume that suitable hardware was selected and that the hardware setup is complete.
Enable Intel TDX in the Host OS
The preferred way to enable Intel TDX in the host OS is to use the TDX Early Preview distributions. These distributions are provided by partners for a convenient Intel TDX enablement experience. Currently, the following Intel TDX-enabled host OSes are supported by TDX Early Preview distributions:
- CentOS Stream 9
- Ubuntu 23.10
-
Note: This guide currently does not cover Ubuntu 24.04.
To install the Intel TDX host OS kernel with KVM support, as well as the QEMU and libvirt packages required to create and manage the launch of TDs, follow the instructions provided by the individual TDX Early Preview distributions:
After successful installation of these software components, reboot the system into the BIOS setup menu and perform the necessary Intel TDX enablement steps.
Check Intel TDX enablement
To check the status of your Intel TDX configuration, you can manually execute the following commands:
- Check whether the Intel TDX Module is initialized. The expected output contains "tdx: TDX module initialized".
    sudo dmesg | grep -i tdx
- As a prerequisite for the following commands, install the MSR Tools package and load the MSR module.
  CentOS Stream 9:
    sudo dnf config-manager --set-enabled crb
    sudo dnf install epel-release epel-next-release
    sudo dnf install msr-tools
    sudo modprobe msr
  Ubuntu 23.10:
    sudo apt install msr-tools
    sudo modprobe msr
  SUSE:
    sudo zypper addrepo https://download.opensuse.org/repositories/openSUSE:Backports:SLE-15-SP5/standard/openSUSE:Backports:SLE-15-SP5.repo
    sudo zypper refresh
    sudo zypper install msr-tools
    sudo modprobe msr
- Check whether Intel TME is enabled. The expected output is 1.
    sudo rdmsr -f 1:1 0x982
- Check the maximum number of Intel TME keys. The expected output depends on what is configured in the BIOS.
    sudo rdmsr -f 50:36 0x981
- Check the Intel SGX and MCHECK status. The expected output is 0.
    sudo rdmsr 0xa0
- Check the Intel TDX status. The expected output is 1.
    sudo rdmsr -f 11:11 0x1401
- Check the maximum number of Intel TDX keys. The expected output depends on what is configured in the BIOS.
    sudo rdmsr -f 63:32 0x87
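
The MSR checks above, combined into one pass as an added example (not part of the original guide): it decodes the same bit fields that rdmsr -f selects and reports PASS/FAIL against the expected values listed on this page. The function names and the sample register values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): decode the raw MSR values that
# the checklist above inspects and compare them with the expected results.

# msr_field HEX HI LO: print bits HI..LO of a raw value as decimal, i.e. the
# field that `rdmsr -f HI:LO` selects. HEX is rdmsr's default output (no 0x).
msr_field() (
    width=$(( $2 - $3 + 1 ))
    echo $(( (0x$1 >> $3) & ((1 << $width) - 1) ))
)

# tdx_msr_report V982 V981 VA0 V1401 V87: one PASS/FAIL line per fixed
# expectation on this page; exit status is non-zero if any check fails.
tdx_msr_report() (
    rc=0
    check() {  # LABEL ACTUAL EXPECTED
        if [ "$2" -eq "$3" ]; then echo "PASS $1: $2"
        else echo "FAIL $1: $2 (expected $3)"; rc=1; fi
    }
    check "TME enabled, 0x982 bit 1"    "$(msr_field "$1" 1 1)"   1
    check "SGX and MCHECK status, 0xa0" "$(( 0x$3 ))"             0
    check "TDX enabled, 0x1401 bit 11"  "$(msr_field "$4" 11 11)" 1
    # Key counts depend on the BIOS configuration, so they are only reported.
    echo "INFO max TME keys, 0x981 bits 50:36: $(msr_field "$2" 50 36)"
    echo "INFO max TDX keys, 0x87 bits 63:32: $(msr_field "$5" 63 32)"
    exit "$rc"
)

# On a real host (msr-tools installed, msr module loaded), read each register once.
tdx_msr_live() {
    tdx_msr_report "$(sudo rdmsr 0x982)" "$(sudo rdmsr 0x981)" \
        "$(sudo rdmsr 0xa0)" "$(sudo rdmsr 0x1401)" "$(sudo rdmsr 0x87)"
}

# Constructed sample values (not read from real hardware): TME and TDX on,
# 127 TME keys, 32 TDX keys.
tdx_msr_report 3 7f000000007 0 800 200000005f
```

On a TDX host, call tdx_msr_live instead of passing sample values; its exit status can gate a provisioning script.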
Setup Quote Generation Service (QGS)
The main artifact used in a remote attestation flow is the TD Quote, which is generated on the Intel TDX hardware and then transferred to any other party/machine for verification. To generate a TD Quote, a TD first uses the hardware to generate a TD Report. This TD Report is then forwarded to an Intel SGX Architectural Enclave, called the TD Quoting Enclave. This enclave takes the incoming TD Report, verifies that the TD Report was generated by a TD on the same platform, and then signs the TD Report with a signature key for which the trust is rooted in an Intel CA. More details can be found in the Intel® Trust Domain Extensions Data Center Attestation Primitives (Intel® TDX DCAP): Quote Generation Library and Quote Verification Library documentation.
The Quote Generation Service (QGS) is a service that runs in the host OS (or inside a dedicated VM) to host the TD Quoting Enclave. Note that the QGS cannot run on another machine, because the verification of the TD Report requires that the corresponding TD and the TD Quoting Enclave run on the same machine.
Install QGS
- If not done during another component installation, set up the appropriate Intel SGX package repository for your distribution of choice:
  CentOS Stream 9:
    sudo dnf install -y wget yum-utils
    sudo mkdir /opt/intel
    cd /opt/intel
    sudo wget https://download.01.org/intel-sgx/latest/dcap-latest/linux/distro/centos-stream9/sgx_rpm_local_repo.tgz
    sudo tar xvf sgx_rpm_local_repo.tgz
    sudo yum-config-manager --add-repo file:///opt/intel/sgx_rpm_local_repo
  Ubuntu 23.10:
    echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu mantic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
    wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
    sudo mkdir -p /etc/apt/keyrings
    cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
    sudo apt-get update
  SUSE:
    sudo mkdir /opt/intel
    cd /opt/intel
    sudo wget https://download.01.org/intel-sgx/latest/dcap-latest/linux/distro/suse15.4-server/sgx_rpm_local_repo.tgz
    sudo tar xvf sgx_rpm_local_repo.tgz
    sudo zypper addrepo /opt/intel/sgx_rpm_local_repo sgx_rpm_local_repo
- Install the QGS with the following command, which will also install the necessary prerequisites (the Quote Provider Library (QPL) and the Quoting Library (QL)).
  CentOS Stream 9:
    sudo dnf --nogpgcheck install -y \
        tdx-qgs \
        libsgx-dcap-default-qpl \
        libsgx-dcap-ql
  Ubuntu 23.10:
    sudo apt install -y \
        tdx-qgs \
        libsgx-dcap-default-qpl \
        libsgx-dcap-ql
  SUSE:
    sudo zypper --no-gpg-checks install -y \
        tdx-qgs \
        libsgx-dcap-default-qpl \
        libsgx-dcap-ql
  The dnf and zypper variants disable package signature checking (--nogpgcheck, --no-gpg-checks) for the local repository, so package integrity there depends on the HTTPS download of sgx_rpm_local_repo.tgz.
More detailed information about these instructions can be found in our Intel® SGX Software Installation Guide For Linux* OS.
How to check the service log of the QGS?
You can check the service log of the QGS with the following command:
sudo journalctl -u qgsd -f
Configure QCNL
On start, the QGS reads the configuration file /etc/sgx_default_qcnl.conf, and uses the contained settings for TD Quote Generation.
This file contains various settings that might be important in your environment.
Selected highlights regarding this configuration file:
- If the QGS should use a PCCS in your infrastructure as a collateral caching service, you have to adjust the JSON-key pccs_url in the configuration file accordingly.
- If the QGS should accept insecure HTTPS certificates from the PCCS, set the JSON-key use_secure_cert in the configuration file to false.
  Warning: You must not use insecure HTTPS certificates in a production environment.
- See the comments of the configuration file /etc/sgx_default_qcnl.conf for more information on other settings.
After changing settings in the file /etc/sgx_default_qcnl.conf, you have to restart the QGS:
sudo systemctl restart qgsd.service
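
A pre-deployment check for the warning above, as an added example (not part of the original guide): it reports the configured pccs_url and fails when use_secure_cert is explicitly set to false, ignoring commented-out lines. The function name, the sample file content and the host name pccs.example.internal are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): flag a QCNL configuration that
# accepts insecure HTTPS certificates from the PCCS.

# qcnl_audit FILE: print findings; exit 0 = nothing flagged, 1 = flagged,
# 2 = file could not be read.
qcnl_audit() (
    # Blank out whole-line // comments so commented-out settings do not count.
    active=$(sed 's|^[[:space:]]*//.*$||' "$1") || exit 2
    get() {  # print the value of JSON key $1 (first active occurrence)
        printf '%s\n' "$active" |
            sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}[:space:]]*\).*/\1/p' |
            head -n 1
    }
    rc=0
    url=$(get pccs_url)
    cert=$(get use_secure_cert)
    echo "INFO pccs_url: ${url:-unset}"
    if [ "$cert" = "false" ]; then
        echo "WARN use_secure_cert is false: insecure PCCS certificates are accepted"
        rc=1
    else
        echo "OK   use_secure_cert is not disabled (${cert:-unset})"
    fi
    exit "$rc"
)

# Constructed sample (not the shipped file): the commented-out "true" must not
# hide the active "false" below it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  // "use_secure_cert": true,
  "pccs_url": "https://pccs.example.internal:8081/",
  "use_secure_cert": false
}
EOF
qcnl_audit "$sample" || echo "=> not suitable for a production environment"
rm -f "$sample"
```

On a host, run qcnl_audit /etc/sgx_default_qcnl.conf before restarting qgsd.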
Setup Communication Path between QGS and TD
The current TDX Early Preview distributions use vsock as the communication path from the TD to the QGS running in the host. A TD can be launched using QEMU or libvirt (see Launch a Trust Domain section). In both cases, special options are necessary to enable the vsock interface.
Add the following to the QEMU launch command:
-device vhost-vsock-pci,guest-cid=3
Add a vsock entry inside the devices element of the libvirt XML config file of the TD:
...
<devices>
    ...
    <vsock model='virtio'>
        <cid auto='yes' address='3'/>
        <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </vsock>
    ...
</devices>
...