SGX vs TDX: Technology Comparison
Intel SGX and Intel TDX are both TEE technologies, but they solve the security problem differently. On the iExec platform, SGX is the production-ready, widely-supported technology, while TDX is the experimental, next-generation technology for advanced use cases. This guide provides a comprehensive comparison to help you choose the right technology for your iExec applications.
Why This Comparison Matters for iExec
iExec supports both SGX and TDX technologies to provide developers with the right tools for different use cases:
Platform Strategy
- SGX: Current production technology for reliable, secure applications
- TDX: Future technology for advanced, memory-intensive workloads
- Dual Support: iExec maintains both to serve different developer needs
Use Case Optimization
- SGX: Optimized for lightweight applications
- TDX: Optimized for complex applications
- Choice: Developers can select the best technology for their specific needs
Network Evolution
- Current: SGX workers provide wide availability and reliability
- Future: TDX workers will enable advanced use cases
- Transition: iExec is preparing for the next generation of TEE technology
Quick Overview
Aspect | Intel SGX | Intel TDX |
---|---|---|
Release Year | 2015 | 2023 |
Protection Scope | Application level | Trusted domain level |
Memory Size | Limited | Extensive (multi-GB+) |
Code Changes | Significant changes required | Minimal changes needed |
iExec Status | Production ready | Experimental |
Worker Availability | Widely supported | Limited availability |
iExec Use Cases | Lightweight applications | Complex workloads |
Platform Support | Full iExec ecosystem | Experimental workerpools |
Detailed Comparison
Protection Scope
Intel SGX: Application-Level Protection
- What it protects: Individual applications or parts of applications
- Scope: Small, focused secure areas within larger applications
- Analogy: Like installing a small, specialized safe inside your office
Intel TDX: Trusted Domain Protection
- What it protects: Trusted domains (secure virtual machines)
- Scope: Multiple trusted domains can run on a single TDX machine
- Analogy: Like having multiple secure offices within one secure building
Memory and Performance
Intel SGX
- Memory: Limited secure memory (typically 1-2GB)
- Performance: Optimized for lightweight applications
- Limitations: Memory constraints can limit application complexity
Intel TDX
- Memory: Large secure memory space (multi-GB+)
- Performance: Optimized for complex, memory-intensive workloads
- Advantages: Can handle large datasets and complex applications
Development and Integration
Intel SGX
- Code Changes: Requires significant modifications to applications
- Integration: Higher complexity, more development work
- Frameworks: Uses Scone framework on iExec for easier development
- Learning Curve: Steeper learning curve for developers
Intel TDX
- Code Changes: Minimal changes needed - "lift and shift" approach
- Integration: Lower complexity, easier migration
- Frameworks: Works with standard development practices
- Learning Curve: Familiar development experience
Use Cases and Applications
Intel SGX Best For
- Production Applications: Stable, proven technology
- Lightweight Applications: Focused, high-assurance modules
- Cryptographic Operations: Wallets, key management, digital signatures
- Financial Applications: Secure payment processing, fraud detection
- Identity Management: Secure authentication and authorization
Intel TDX Best For
- Research and Development: Testing future capabilities
- Experimental Features: Exploring new TEE possibilities
- Memory-Intensive Applications: AI workloads, large databases
- Legacy Applications: Existing applications that need TEE protection (multiple trusted domains)
- Complex Workloads: Applications requiring large memory and processing power
- Large AI Models: Neural networks, large language models
- Multi-Tenant Applications: Running multiple isolated workloads in separate trusted domains
Technical Specifications
Feature | Intel SGX | Intel TDX |
---|---|---|
Release Year | 2015 | 2023 |
Protection Scope | Application level | Trusted domain level |
Memory Size | Limited (1-2GB) | Extensive (multi-GB+) |
Code Adaptation | Significant changes required | Minimal changes needed |
Integration Complexity | Higher (more dev work) | Lower (trusted domain legacy code) |
Trusted Computing Base | Application + Scone | Entire trusted domain |
System Calls | Limited (handled by Scone) | Full system support |
Network Access | TLS-protected | Standard networking |
File System | Encrypted access | Standard file system |
Production Readiness
Intel SGX
- Status: Production ready
- Stability: Proven, stable technology
- Support: Widely supported by iExec workers
- Documentation: Comprehensive documentation and examples
- Community: Large developer community and ecosystem
Intel TDX
- Status: Experimental
- Stability: May have instabilities and bugs
- Support: Limited worker availability
- Documentation: Limited documentation and examples
- Community: Emerging technology, smaller community
iExec Platform Support
Intel SGX on iExec
- Worker Availability: Majority of iExec workers support SGX
- Infrastructure: Complete SGX ecosystem with SMS, Scone framework
- Cost: Standard pricing due to wide availability
- Reliability: High availability and stable execution
- Support: Full iExec platform support and documentation
Intel TDX on iExec
- Worker Availability: Limited to experimental worker pools
- Infrastructure: Experimental TDX support with limited features
- Cost: May have premium pricing due to scarcity
- Reliability: Potential instabilities and limited availability
- Support: Limited support, experimental status
Cost and Availability
Intel SGX
- Worker Availability: Widely available
- Cost: Standard pricing
- Reliability: High availability and reliability
- Support: Full iExec platform support
Intel TDX
- Worker Availability: Limited availability
- Cost: May have premium pricing due to scarcity
- Reliability: Potential outages and instabilities
- Support: Limited support, experimental status
Decision Framework for iExec
Choose Intel SGX When:
You need production-ready technology
- Building applications for real users on iExec
- Require proven, stable technology
- Can't afford experimental instabilities
You have lightweight applications
- Focused, high-assurance modules
- Small memory requirements (under 2GB)
- Simple application logic
You need maximum iExec compatibility
- Require wide worker availability
- Need reliable execution
- Want full iExec platform support
You're building for security-critical use cases
- Financial applications (DeFi, payment processing)
- Healthcare systems (medical data analysis)
- Identity management (authentication, authorization)
- Cryptographic operations (key management, digital signatures)
You need cost-effective solutions
- Standard pricing due to wide availability
- Predictable costs and execution times
- Full iExec ecosystem support
Choose Intel TDX When:
You're researching future capabilities
- Exploring next-generation TEE technology on iExec
- Testing experimental features
- Learning about VM-level protection
You have memory-intensive workloads
- Large AI models and datasets (exceeding 2GB)
- Complex applications requiring multi-GB memory
- Big data processing applications
You want to migrate existing applications
- Have legacy applications to protect
- Want minimal code changes ("lift and shift")
- Need easier migration to TEE
- Want to run multiple applications in separate trusted domains
You're building complex applications
- Applications requiring large memory space
- Complex AI workloads (LLMs, neural networks)
- High-performance computing needs
You're experimenting on iExec
- Testing future iExec capabilities
- Contributing to platform development
- Exploring advanced use cases
You understand the limitations
- Accept experimental status and potential instabilities
- Can work with limited worker availability
- Prepared for potential breaking changes
Visual Comparison
Intel SGX Architecture
Key Points:
- Application-level protection: Only sensitive parts are protected
- Limited memory: Enclave has restricted memory space
- Code changes required: Applications must be modified for SGX
- Scone framework: Used by iExec to simplify SGX development
Intel TDX Architecture
Key Points:
- Trusted domain protection: Entire virtual machines are protected
- Multiple domains: Can run multiple isolated trusted domains
- Large memory: Each trusted domain has extensive memory space
- Minimal changes: "Lift and shift" approach for existing applications
Migration Considerations
From SGX to TDX
- Benefits: Larger memory, easier development, VM-level protection
- Challenges: Experimental status, limited availability, potential instabilities
- Recommendation: Consider for research or when memory limits are reached
From Regular Applications to TEE
- SGX Path: More development work, but production-ready
- TDX Path: Easier migration, but experimental technology
- Recommendation: Start with SGX for production, experiment with TDX
What's Next?
Learn more about each technology:
- Intel SGX Technology - Detailed SGX guide
- Intel TDX Technology - Detailed TDX guide
Ready to implement? Check out the practical guides:
- Build & Deploy - Create SGX applications
- Build Intel TDX App (Experimental) - Build TDX applications with traditional deployment and iApp Generator
Need help deciding? Consider your requirements:
- Production use: Choose SGX
- Research/experimentation: Consider TDX
- Memory-intensive workloads: TDX may be better
- Maximum compatibility: Choose SGX