Skip to content

Guest OS Setup

On this page, we will introduce how an Intel TDX-enabled guest image can be generated and how a TD using this image can be started. We assume that the host OS setup was done before.

Prepare an Intel TDX-enabled Guest Image

To start an Intel TDX protected VM (i.e., a TD), it is necessary to prepare an Intel TDX-enabled guest image. The TDX Early Preview distributions are the preferred way to prepare such an image. The TDX Early Preview distributions are special distributions provided by partners for a convenient Intel TDX enablement experience. Currently, the following Intel TDX-enabled guest OSes are supported by TDX Early Preview distributions:

  • CentOS Stream 9
  • Ubuntu 24.04
  • openSUSE Leap 15.5 or SUSE Linux Enterprise Server 15-SP5

To prepare a guest image for these OSes, refer to the instructions provided by the individual TDX Early Preview distributions:

Follow instruction from the "Create VM Disk Image" section on the "Run a TD guest (VM)" page in the Cent OS guide.

Follow instruction from the "Create TD Image" section in the Canonical guide.

Warning

Our guide assumes that the remote attestation packages provided by Canonical are not installed on the guest OS. To make sure to not install these packages:

  • Keep the default setting of TDX_SETUP_ATTESTATION=0 during the execution of create-td-image.sh.
  • Do not manually execute setup-attestation-guest.sh, which is described in Section 8.3 of the Canonical guide.

Follow instruction from the "Preparing the Guest Image" section in the SUSE guide.

Launch a Trust Domain

To launch a TD, refer to the instructions provided by the individual TDX Early Preview distributions:

Follow instruction from the "Configure and boot VM" section on the "Run a TD guest (VM)" page in the CentOS guide.

Follow instruction from the "Boot TD" section in the Canonical guide.

Follow instruction from the "Launching a TDX guest" section in the SUSE guide.