



Google Cloud and Intel today announced the results of a nine-month audit of Intel’s new hardware security product, Trust Domain Extensions (TDX). The analysis revealed 10 confirmed vulnerabilities, including 2 that researchers from both companies flagged as critical, and 5 findings that led to aggressive changes to further strengthen TDX’s defenses. All reviews and fixes were completed prior to production of Intel’s 4th generation Intel Xeon processors, known as Sapphire Rapids, which incorporate TDX.

Security researchers from Google Cloud Security and Google’s Project Zero bug-hunting team worked with Intel engineers to conduct the evaluation, initially uncovering 81 potential security issues, which the group investigated in more detail. The project is part of Google Cloud’s Confidential Computing initiative, a set of technical features intended to ensure that customer data is always encrypted and subject to full access control.

Security concerns are very high for the large cloud providers that operate much of the world’s digital infrastructure. And while they can improve the systems they build, cloud companies still rely on chipmakers’ specialized hardware for their underlying computing power. To gain deeper insight into the processors it relies on, Google Cloud worked with AMD to conduct a similar audit last year and leveraged a long-standing relationship of trust between Intel and Google to launch the TDX initiative. The goal is to help chipmakers find and fix vulnerabilities before they pose a potential risk to Google Cloud customers or others.

“Companies, we all have our own intellectual property, so it’s not trivial,” said Nelly Porter, manager of group products at Google Cloud, noting that there was a lot of IP in particular in the technology Intel brought to this. “It is priceless that we can be incredibly open and trust each other. Intel Trusted Domain Extension technology isn’t just used by Google, it’s used everywhere else, so the research we’re doing will benefit everyone.”

Researchers and hackers can attack hardware and online systems from the outside at any time. These exercises are valuable because they simulate the conditions under which attackers typically look for weaknesses to exploit. But collaborations like the one between Google Cloud and Intel, in which outside researchers perform black box testing and then work with engineers who have deep knowledge of how the product is designed, have the advantage of revealing more ways to enhance the product’s security.

After years of scrambling to repair the security damage caused by a design flaw in a processor feature known as speculative execution, chipmakers have invested more in advanced security testing. For TDX, Intel’s in-house hackers conducted their own audits, and the company also put TDX through its security paces by inviting researchers to scrutinize the hardware as part of Intel’s bug bounty program.

Anil Rao, vice president and general manager of system architecture and engineering at Intel, said the opportunity for Intel and Google engineers to work as a team was particularly rewarding. The group met regularly, worked together to jointly track findings, and developed friendships that motivated them to delve deeper into TDX.

