🛡️ Intel TDX Technology

Intel TDX (Trust Domain Extensions) is Intel's next-generation confidential computing technology, representing the evolution from application-level to virtual machine-level protection. On the iExec platform, TDX is an experimental technology that offers advanced capabilities for memory-intensive workloads and legacy application migration.

Why TDX Matters for iExec

iExec is exploring TDX as the next evolution of TEE technology to address the limitations of SGX and enable new use cases:

🔬 Research and Innovation

Future-Proofing: iExec is preparing for the next generation of TEE technology
Advanced Capabilities: TDX enables new use cases that SGX cannot support
Technology Leadership: Staying ahead of the curve in confidential computing

💾 Memory-Intensive Workloads

Large AI Models: Support for complex AI workloads that exceed SGX memory limits
Big Data Processing: Handle large-scale data analytics in secure environments
Database Applications: Secure processing of large databases

🔄 Legacy Application Migration

Lift-and-Shift: Enable existing applications to run securely with minimal changes
Enterprise Adoption: Make it easier for enterprises to adopt confidential computing
Reduced Development Overhead: Lower barrier to entry for TEE adoption

🚀 Experimental Platform

Limited Availability: Currently available on experimental worker pools
Research Environment: Perfect for testing future capabilities
Developer Feedback: iExec uses TDX to gather developer feedback and improve the platform

What is Intel TDX?

TDX (Trust Domain Extensions) is Intel's newer confidential computing technology, different from the default SGX implementation. TDX provides VM-level protection, allowing entire virtual machines to run in secure, isolated environments.

Key TDX Benefits

🔄 Lift-and-Shift Compatibility: Run existing applications with minimal changes
💾 Large Memory Support: Handle memory-intensive workloads (AI, databases)
🛡️ VM-Level Protection: Protect entire virtual machines, not just applications
⚡ Better Performance: Optimized for complex workloads

TDX: The "Virtual Machine-Level" Security

Intel TDX is like having an entire secure building where you can move your existing operations without major renovations. It protects entire virtual machines.

Key Characteristics

Scope: Protects entire virtual machines
Memory: Large secure memory space (like a large vault)
Code Changes: Minimal changes needed - "lift and shift" approach
Use Case: Ideal for complex applications, legacy systems, and AI workloads

Analogy: TDX is like moving your entire office into a secure building where everything is protected.

Visual Representation

TDX Technology Details

How TDX Works

Trust Domain Creation: TDX creates secure virtual machines called "trust domains"
VM-Level Isolation: Entire virtual machines run in isolated, secure environments
Large Memory Support: Significantly larger secure memory space compared to SGX
Legacy Compatibility: Existing applications can run with minimal modifications

TDX Advantages

Larger Memory: Multi-GB+ secure memory space vs limited SGX memory
Easier Migration: "Lift and shift" approach for existing applications
Better Performance: Optimized for complex, memory-intensive workloads
VM-Level Security: Protects entire virtual machines, not just applications

TDX with iExec

iExec is actively exploring TDX technology to expand the platform's capabilities and prepare for the future of confidential computing.

iExec's TDX Infrastructure

iExec provides experimental TDX support through:

🔬 Experimental Worker Pools: Limited TDX-enabled workers for testing
📦 TDX Technology Support: Integration with Intel TDX technology
🔐 Secret Management Service: SMS support for TDX applications
📋 Task Verification: Proof of contribution for TDX executions
🔗 Blockchain Integration: Decentralized coordination and payment

iExec TDX Workflow

TDX Use Cases on iExec

Best For

🔬 Research and Development: Testing future capabilities on iExec
🧪 Experimental Features: Exploring new TEE possibilities
💾 Memory-Intensive Applications: AI workloads, large databases
🔄 Legacy Applications: Existing applications that need TEE protection
🚀 Complex Workloads: Applications requiring large memory and processing power

Current Limitations

Production Warnings

🚫 NOT for production use
🚫 Limited worker availability
🚫 Unstable execution environment
🚫 Breaking changes without notice

When to Use TDX

TDX is ideal for:

💾 Working with memory-intensive applications
🔄 Running existing applications with minimal changes
🚀 Running complex workloads with VM-level protection

What's Next?

Learn about the foundation:

Intel SGX Technology - First-generation application-level TEE technology
SGX vs TDX Comparison - Detailed comparison of both technologies

Ready to experiment with TDX? Check out the practical guides:

Build Intel TDX App (Experimental) - Build TDX applications with traditional deployment and iApp Generator
Create Your First TDX App - Build TDX applications

For production applications, use SGX:

Build & Deploy - Create production-ready SGX applications

🛡️ Intel TDX Technology ​

Why TDX Matters for iExec ​

🔬 Research and Innovation ​

💾 Memory-Intensive Workloads ​

🔄 Legacy Application Migration ​

🚀 Experimental Platform ​

What is Intel TDX? ​

Key TDX Benefits ​

TDX: The "Virtual Machine-Level" Security ​

Key Characteristics ​

Visual Representation ​

TDX Technology Details ​

How TDX Works ​

TDX Advantages ​

TDX with iExec ​

iExec's TDX Infrastructure ​

iExec TDX Workflow ​

TDX Use Cases on iExec ​

Best For ​

Current Limitations ​

When to Use TDX ​

What's Next? ​