Among the many interesting talks this past weekend at the 2023 edition of FOSDEM was Intel engineer Jiewen Yao presenting TD-Shim as the company’s work on a lightweight virtual firmware for containers that complies with their approach to confidential computing.
Intel’s TD-Shim is designed as a lightweight virtual firmware implementation for confidential containers with the likes of Kubernetes. TD-Shim is designed with security and confidential computing needs in mind while also being as fast to boot as possible.
TD-Shim aims to replace the traditional Open Virtual Machine Firmware and is also designed to be used with Trust Domain Extensions (TDX) introduced with Intel’s latest generation Xeon Scalable "Sapphire Rapids" processors.
Of interest to many Phoronix readers is the fact that TD-Shim is yet another new open-source Intel project making use of the Rust programming language. TD-Shim has been tested so far with hypervisors like KVM and the Intel-led Cloud Hypervisor project.
Those interested in learning more about TD-Shim for Intel confidential containers can see this slide deck (PDF) from FOSDEM 2023. The open-source TD-Shim firmware is hosted on GitHub.