On 04/06/2021 11:43, Michael Brown wrote:
On 04/06/2021 11:11, Laszlo Ersek wrote:
> And, to reiterate, just because Confidential Computing is the

Totally agree with this. Confidential Computing is a very niche use case, and there is no justification for exploding the complexity of the standard OVMF build.

Out of interest: does Intel TDX provide any security benefits beyond the (much simpler) Intel SGX?

As far as I can tell from the various papers, the fundamental difference between TDX and SGX seems to be that TDX deliberately increases the attack surface from "just the application code" to "entire guest VM, including OS kernel, runtime libraries, etc". Increasing the attack surface while adding complexity is a huge cost, so I'm assuming that there must be some commensurate benefit, but nothing in the documentation I've seen seems to describe what this benefit actually is.